A user cannot sign in to Exchange Instant Messaging unless the user is a member of the Administrators group in Exchange 2000 (307217)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q307217

SYMPTOMS

When an Instant Messaging user tries to sign in to Microsoft Exchange 2000 Server Instant Messaging, the user receives the following error message:
Exchange Instant Messaging authentication failure. The person logged on to this computer does not have permission to use the specified e-mail address. Please supply an e-mail address and logon credentials for that address.
Additionally, if you perform a network trace, or if you view the log file that is created by Internet Information Services (IIS) for the W3SVC service, you notice that IIS responds to the user authentication requests by using the following message: 401 - Access Denied

Note Instant Messaging users who are members of the local Administrators group or who are members of the Domain Admins group can log on successfully.

CAUSE

This issue occurs when the Instant Messaging user does not have access to the Msimsrv.dll file in the Exchsrvr\BIN folder.

RESOLUTION

To resolve this issue, assign the Authenticated Users group the permissions to access the Exchsrvr\BIN folder and the Exchsrvr\BIN\Msimsrv.dll file. To assign the Authenticated Users group the permissions, follow these steps:
  1. Start Windows Explorer, and then locate the Exchsrvr\BIN folder.

    Note The default location of the Exchsrvr\BIN folder in a new Exchange 2000 installation is C:\Program Files\Exchsrvr\BIN. When you upgrade from Microsoft Exchange Server 4.0 or from Microsoft Exchange Server 5.x, the default location of the folder is C:\Exchsrvr\BIN.
  2. Right-click the BIN folder, and then click Properties.
  3. Click the Security tab.

    Note If the Security tab does not appear, you may not be using a drive that uses the NTFS file system. In this case, this issue is not caused by incorrect permissions.
  4. In the Name list, click Authenticated Users.

    If Authenticated Users does not appear in the list, click Add, and then add the Authenticated Users group.
  5. Verify that the Authenticated Users group has the following Allow permissions assigned:
    • Read & Execute
    • List Folder Contents
    • Read
  6. After you assign the correct permissions to the Authenticated Users group, click OK.
  7. In the Exchsrvr\BIN folder, right-click Msimsrv.dll, and then click Properties.
  8. Click the Security tab.
  9. In the Name list, click Authenticated Users.

    If Authenticated Users does not appear, click Add, and then add the Authenticated Users group.
  10. Verify that the Authenticated Users group has the following Allow permissions assigned:
    • Read & Execute
    • Read
  11. After you assign the correct permissions to the Authenticated Users group, click OK.
  12. Restart the World Wide Web Publishing Service.

MORE INFORMATION

The Msimsrv.dll file is an Internet Server API (ISAPI) filter that runs the Instant Messaging process under the Inetinfo process. Access to this file is required for Instant Messaging to function correctly.

For additional information about how to troubleshoot authentication issues in Exchange Instant Messaging, click the following article numbers to view the articles in the Microsoft Knowledge Base:

278974 Troubleshooting authentication failures in Instant Messaging

298421 XCCC: How to interpret Instant Messaging methods and response codes

Modification Type:MinorLast Reviewed:5/20/2004
Keywords:kbprb KB307217 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.