Microsoft KB Archive/278974

= Troubleshooting authentication failures in Instant Messaging =

Article ID: 278974

Article Last Modified on 2/21/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q278974



SYMPTOMS
When you log on to Exchange Instant Messaging, you may receive the following error message:

Exchange Instant Messaging authentication failure. The person logged on to this computer does not have permission to use the specified e-mail address. Please supply an e-mail address and logon credentials for that address.



CAUSE
This issue may occur if any of the following conditions are true:
 * The World Wide Web Publishing Service (W3SVC) is stopped on the Instant Messaging home server or Instant Messaging router.
 * The properties of the Instant Messaging virtual server are configured incorrectly.
 * You are using a firewall or proxy server.
 * The Microsoft Internet Information Services (IIS) server directs the instant messaging request to the wrong virtual Web server.
 * You have enabled the Require secure channel (SSL) option on the Instant Messaging virtual directory in IIS.



Method 1
In the Internet Services Manager protocol log, you may see the following entry:

IIS Protocol Log:

2000-04-18 15:47:24 10.10.10.1 - 10.10.10.1 80 SUBSCRIBE

/instmsg/aliases/user1 - 404

If you perform a Network Monitor trace, you may see the following packet referencing the 404 HTTP response code:

2nd HTTP Response Packet:

Failure 404 (Not Found) Virtual server not found for SUBSCRIBE request on node 'IM Server'

Verify that the following Event IDs on the Instant Messaging home server or router (depending on where the error was logged) have been generated in the application event log:
 * Event ID 8199: Virtual server [Server Name: 80] started successfully.

If this event is not present in the application event log, the W3SVC service is not started.
 * Event ID 8194: The Microsoft Instant Messaging Server started successfully.

If this event is not present, the Instant Messaging Server service has not been started.

For either event, restart the World Wide Web Publishing Service by performing the following steps:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Services.
 * 2) Right-click the World Wide Web Publishing Service, and then click Restart.

For additional information about Microsoft Internet Information Services (IIS) Protocol Logging and Instant Messaging, click the following article number to view the article in the Microsoft Knowledge Base:

266754 XADM: How to configure Instant Messaging Logging

For additional information about why the Instant Messaging Virtual Servers will not start, click the following article number to view the article in the Microsoft Knowledge Base:

279095 XCCC: Instant Messaging Virtual Servers do not start

Method 2
Verify the Instant Messaging virtual server's properties:  In Exchange System Manager, locate your Instant Messaging virtual server under the Protocols container. Right-click your Instant Messaging virtual server, and then click Properties. If the DNS name on the General tab has no host name for the server that is hosting your Instant Messaging virtual server, proceed to step 4. If there is a host name, proceed to Method 3. Delete your Instant Messaging virtual server by right-clicking the Instant Messaging virtual server, and then clicking Delete. Re-create your Instant Messaging virtual server with the correct DNS name by right-clicking the Instant Messaging (RVP) node under the Protocols container, clicking New, clicking Instant Messaging Virtual Server, and then clicking Next. Type the display name, and then click Next.</li> Click the appropriate IIS Web site, and then click Next.</li> Type the fully qualified domain name (FQDN) of the server that is hosting your Instant Messaging virtual server, and then click Next.

Note You can choose to use another host name, however, this requires additional configuration steps that are outside the scope of this article. For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

168322 Creating a DNS Alias record

190008 HOW TO: Use host header names to host multiple sites from one IP address in IIS 5.0

319758 XCCC: Exchange 2000 Server Instant Messaging Authentication does not succeed

</li> Click to select the Allow this server to host user accounts check box, and then click Next.</li> Click Finish.</li></ol>

Using this method, Instant Messenger users should be able to log on using the following Instant Messaging user address format:

Method 3
If your organization uses a firewall or proxy server, NTLM authentication may not be working. The Instant Messaging client uses Microsoft Internet Explorer proxy settings, so you must add your Instant Messaging domain to the Internet Explorer Exceptions list. To modify the Exceptions list:
 * 1) In Microsoft Internet Explorer 5 and later, click Internet Options on the Tools menu. In Microsoft Internet Explorer 4.x, click Internet Options on the View menu.
 * 2) Click the Connections tab.
 * 3) Click the LAN Settings button.
 * 4) Click the Advanced button in the Local Area Network (LAN) Settings dialog box.
 * 5) In the Exceptions box, under Do not use proxy server for addresses beginning with, type your domain name preceded by an asterisk (*). For example, if your domain were microsoft.com, you would type *.microsoft.com.

For additional information about authentication and proxy servers, click the following article number to view the article in the Microsoft Knowledge Base:

198116 Authentication options and limitations using Proxy Server 2.0

Method 4
If your server has more than one site, view the host headers and Internet Protocol (IP)/port bindings to make sure that the IIS server is not sending the request to the wrong virtual web server.

Method 5
In the IIS protocol log that, by default, is located in the C:\Winnt\System32\Logfiles\W3svc1 folder, you may see a 403 HTTP Response Code entry that is similar to the following:

(2002-05-08 09:13:22 157.60.71.131 - W3SVC1 READEC-EX2K-01 157.60.71.218 80 SUBSCRIBE /instmsg/aliases/readec - 403 -)

To resolve this issue, disable Secure Sockets Layer (SSL) on the Instant Messaging virtual directory in IIS. To do so, follow these steps on the computer that is running Microsoft Exchange 2000 Server:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
 * 2) Double-click the Default Web Site folder, and then locate InstMsg virtual directory.
 * 3) Right-click InstMsg virtual directory, and then click Properties.
 * 4) Click the Directory Security tab.
 * 5) Click Edit under Secure Communications, and then click to clear the Require secure channel (SSL) check box.

Note If the Require 128-bit encryption check box is selected, click to clear the Require 128-bit encryption check box.
 * 1) Click OK two times to close each dialog box.
 * 2) Stop and then restart the Default Web Site in Internet Services Manager.

Additional query words: IM exch2kp2w

Keywords: kberrmsg kbfaq kbprb KB278974

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.