Q244523: XCLN: Unable to Open Your Default E-Mail Folders
Article: Q244523
Product(s): Microsoft Exchange
Version(s): 5.5
Operating System(s):
Keyword(s): kbinterop kbnetwork exc55
Last Modified: 04-JUN-2002
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Exchange Server, version 5.5
-------------------------------------------------------------------------------
SYMPTOMS
========
When you attempt to log on to another user's mailbox while you are logged on to
the Microsoft Windows NT domain with an account that does not have permissions
for the other user's mailbox, you may receive the following error messages (even
though you enter valid credentials for the other user's mailbox when you are
prompted):
- Unable to open your default e-mail folders. You do not have permission to log
on.
- Would you like to open your default File System folder instead?
For example, User A is logged on to the Windows NT domain as User A, but wants to
access User B's mailbox. User A does not have permissions for User B's mailbox.
When User A is prompted for credentials, User A enters User B's Windows NT
account, domain, and password, but cannot access User B's mailbox.
CAUSE
=====
This problem can occur if named pipes (ncacn_np) is used as the Microsoft
Exchange Client remote procedure call (RPC) protocol.
RESOLUTION
==========
To resolve this problem, use one of the following methods:
- Remove the static mapping for either the Exchange Server directory service or
information store service, as applicable.
- Statically map the ports for either the Exchange Server directory service or
information store service, as applicable, to a port that is not in use.
Microsoft recommends that you map to a port outside the ephemeral range (the
ephemeral port range is from port 1024 to port 5000, including port 1024 and
port 5000).
- Run the net use command to the IPC$ share on the Exchange Server computer and
use the credentials of the user whose mailbox you want to access.
MORE INFORMATION
================
RPC that uses named pipes (ncacn_np) establishes its security identity by using
the credentials of the user who is logged on to the Windows NT domain. Because
named pipe connections are established by the redirector to the server, the
security identity is established before RPC communication. As a result, RPC uses
the security context that is established by the redirector, and the dialog boxes
generated by Microsoft Outlook that request security credentials do not override
this security context. Because the user who is logged on does not have
permissions for the target mailbox, the logon process to that mailbox does not
work.
You can specify the ncacn_np protocol sequence by modifying the RPC_Binding_Order
registry value. For additional information, click the article number below to
view the article in the Microsoft Knowledge Base:
Q163576 XGEN: Changing the RPC Binding Order
Occasionally the named pipes protocol sequence is used because other protocol
sequences did not work.
Other protocol sequences in the RPC_Binding_Order value may not work if either
the Exchange Server directory service or information store service is configured
to use a static IP address that is in use at the time that the service starts.
This prevents the service from binding to that port, which essentially disables
that protocol for use with that service.
For additional information, click the article numbers below to view the articles
in the Microsoft Knowledge Base:
Q194952 XADM: Statically Mapped Port Limitations for Exchange Server
Q155831 XADM: Setting TCP/IP Ports for Exchange and Outlook Client
Connections Through a Firewall
Q148732 XADM: Setting TCP/IP Port Numbers for Internet Firewalls
Q176466 XGEN: TCP Ports and Microsoft Exchange: In-depth Discussion
Additional query words:
======================================================================
Keywords : kbinterop kbnetwork exc55
Technology : kbExchangeSearch kbExchange550 kbZNotKeyword2
Version : :5.5
Issue type : kbprb
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.