KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q261228: XCLN: Users Cannot Connect to Exchange Server After DCPromo

Article: Q261228
Product(s): Microsoft Exchange
Version(s): 5.5 SP3
Operating System(s): 
Keyword(s): exc55sp3
Last Modified: 07-AUG-2002

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Exchange Server, version 5.5 SP3 
- the operating system: Microsoft Windows 2000 
-------------------------------------------------------------------------------

SYMPTOMS
========

After you run DCPromo to install Active Directory services on a computer that is
running Windows 2000 Server and Exchange Server 5.5 Service Pack 3, all of the
e-mail users may not be able to connect to the Exchange Server computer. These
users include Post Office Protocol version 3 (POP3), Messaging Application
Programming Interface (MAPI), Internet Message Access Protocol, Version 4rev1
(IMAP4), and Outlook Web Access (OWA) e-mail users.

CAUSE
=====

This issue can occur if the Everyone group no longer has the Access this
Computer from the Network user right.

RESOLUTION
==========

To resolve this issue, add the Everyone group to the Access this Computer from
the Network user right in the Default Domain Controllers Policy:

1. Click Start, point to Programs, point to Administrative Tools, and then click
  Domain Controller Security Policy.

2. In the Domain Controller Security Policy dialog box, double-click Security
  Settings.

3. Double-click Local Policies.

4. Double-click Users Rights Assignment.

5. Double-click "Access this computer from the network". Make sure that the
  "Define these policy settings" check box is selected, and then click Add to
  add the Everyone group to this user right.

MORE INFORMATION
================

Windows 2000 Server policies are defined from the Domain Controller Security
Policy down to the Domain Security Policy down to the Local Security Policy.
Therefore, if the Everyone group is defined at the Domain Controller Security
Policy level, the Everyone group should also be defined at the Domain Security
Policy and Local Security Policy levels.

In the Local Security Policy, the Effective Policy Setting column refers to the
Domain Controller and Domain Security Policies. If the Domain Controller and
Domain Security Policies are effective, this column is selected and is
unavailable (dimmed). The Local Policy Setting column refers to rights for the
local computer. If rights for the local computer are effective, this column is
selected (this column is not unavailable).

If e-mail users are still unable to connect to the Exchange Server computer after
you add the Everyone group to the Domain Controller Security Policy, check the
same user right in the Local Security Policy. Make sure that the Domain
Controller Security Policy is effective and that the Everyone group has the
Access this Computer from the Network local user right.

You can also check the User Rights Assignment by using Microsoft Management
Console (MMC):

1. Click Start, and then click Run.

2. In the Open box, type "mmc" (without the quotation marks).

3. On the Console menu under the Console Root, click Add/Remove Snap-in.

4. Add the Local Computer Policy snap-in, Default Domain Policy snap-in, and
  Default Domain Controllers Policy snap-in (parts of Group Policy). These
  correspond respectively to the Local Security Policy, Domain Security Policy,
  and Domain Controller Security Policy in Administrative Tools.

Additional query words:

======================================================================
Keywords          : exc55sp3 
Technology        : kbOSWin2000 kbOSWinSearch kbExchangeSearch kbZNotKeyword2 kbExchange550SP3
Version           : :5.5 SP3
Issue type        : kbprb

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.