XCLN: Unable to Open Your Default E-Mail Folders (244523)


The information in this article applies to:

  • Microsoft Exchange Server 5.5
This article was previously published under Q244523

SYMPTOMS

When you try to log on to another user's mailbox while you are logged on to the Microsoft Windows NT domain with an account that does not have permissions for the other user's mailbox, you may receive the following error messages (even though you enter valid credentials for the other user's mailbox when you are prompted):
  • Unable to open your default e-mail folders. You do not have permission to log on.

    Would you like to open your default File System folder instead?
  • Unable to open your default e-mail folders. The information store could not be opened.

    Would you like to open your default File System folder instead?
For example, User A is logged on to the Windows NT domain as User A, but wants to access User B's mailbox. User A does not have permissions for User B's mailbox. When User A is prompted for credentials, User A enters User B's Windows NT account, domain, and password, but cannot access User B's mailbox.

CAUSE

This problem may occur if named pipes (ncacn_np) is used as the Microsoft Exchange Client remote procedure call (RPC) protocol.

RESOLUTION

To resolve this problem, use one of the following methods:
  • Remove the static mapping for either the Exchange Server directory service or information store service, as applicable.
  • Statically map the ports for either the Exchange Server directory service or information store service, as applicable, to a port that is not in use. Microsoft recommends that you map to a port outside the ephemeral range (the ephemeral port range is from port 1024 to port 5000, including port 1024 and port 5000).
  • Run the net use command to the IPC$ share on the Exchange Server computer and use the credentials of the user whose mailbox you want to access.

MORE INFORMATION

RPC that uses named pipes (ncacn_np) establishes its security identity by using the credentials of the user who is logged on to the Windows NT domain. Because named pipe connections are established by the redirector to the server, the security identity is established before RPC communication. As a result, RPC uses the security context that is established by the redirector, and the dialog boxes generated by Microsoft Outlook that request security credentials do not override this security context. Because the user who is logged on does not have permissions for the target mailbox, the logon process to that mailbox does not work.

You can specify the ncacn_np protocol sequence by modifying the RPC_Binding_Order registry value. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

163576 XGEN: Changing the RPC Binding Order

Occasionally the named pipes protocol sequence is used because other protocol sequences did not work.

Other protocol sequences in the RPC_Binding_Order value may not work if either the Exchange Server directory service or information store service is configured to use a static IP address that is in use at the time that the service starts. This prevents the service from binding to that port and essentially disables that protocol for use with that service. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

176466 XGEN: TCP Ports and Microsoft Exchange: In-depth Discussion

Modification Type:MinorLast Reviewed:9/7/2005
Keywords:kbinterop kbnetwork kbprb KB244523 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.