Microsoft KB Archive/842019

= &quot;The information store could not be opened&quot; error message when you try to retrieve the client permissions of a public folder in Exchange 2003 =

Article ID: 842019

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange Server 2003 Enterprise Edition

-





Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
When you try to retrieve the client permissions of a public folder by using Exchange System Manager in Microsoft Exchange Server 2003, you may receive the following error message:

The information store could not be opened. The logon to the Microsoft Exchange server computer failed.

MAPI 1.0

ID no: 80040111-0286-00000000

ID no: C1050000

Exchange System Manager



CAUSE
This problem may occur if the user account that you are using Exchange System Manager under belongs to many groups.



Service pack information
To resolve this problem, obtain the latest service pack for Exchange Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

836993 How to obtain the latest service packs for Exchange Server 2003

Other resolution methods
This problem involves a buffering problem with the Wininet component in Microsoft Internet Explorer. To resolve this problem, use one of the following methods:

Method 1
 Install the hotfix that is listed in the following article:

277741 Internet Explorer logon fails due to an insufficient buffer for Kerberos

 Set the MaxTokenSize registry value on all client computers.

Method 2

 * 1) Install Microsoft Windows 2000 Service Pack 2 or a later Windows 2000 service pack.
 * 2) Set the MaxTokenSize registry value on all client computers.

Method 3
 Update Microsoft Internet Explorer.

To obtain the latest version of Internet Explorer, visit the following Microsoft Web site.

http://www.microsoft.com/ie

 Set the MaxTokenSize registry value on all client computers.</ol>

How to set the MaxTokenSize registry value
This resolution provides a registry value that you can use to increase the size of the Kerberos version 5 protocol token. For example, if you increase the token size to 64 kilobytes (KB), a user can belong to more than 1600 groups. Because of the associated security identifier (SID) information, this number may vary.

To set this registry value, follow these steps:

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.  Click Start, click Run, type regedit, and then click OK.</li> Locate and then click the following subkey:

Note If the  subkey is not listed under the   subkey, follow these steps:  Right-click Kerberos, point to New, and then click Key.</li> Type Parameters, and then press ENTER.</li></ol> </li> Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize .</li> Double-click MaxTokenSize, set the decimal value to 65535, and then click OK.

Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 65535 or that you set the hexadecimal value to FFFF. If you incorrectly set this value to 65535 hexadecimal, Kerberos authentication operations may fail. Additionally, programs may return errors. The 65535 hexadecimal value is an extremely large value.</li> Quit Registry Editor.</li> After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.

Note Although you must update the domain controllers individually, you can use Group Policy settings to set this registry value for client computers that have also been updated. You must configure all client computers and all servers in the domain with this registry modification. You must also install Microsoft Windows 2000 Service Pack 2 or the hotfix in Method 1 on all the computers.</li></ol>

<div class="workaround_section">

WORKAROUND
To work around this problem, reduce the number of groups that your user account belongs to.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in Exchange Server 2003 Service Pack 1.

<div class="moreinformation_section">

MORE INFORMATION
For more information about Kerberos token size configuration and support in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:

263693 Group Policy may not be applied to users belonging to many groups

Additional query words: e2k3

Keywords: kbexchange2003sp1fix kberrmsg kbqfe kbfix kbbug KB842019

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.