Microsoft KB Archive/938444

= Clients cannot log on to Exchange Server 2007 mailboxes by using Outlook or Outlook Web Access in a mixed Exchange Server 2003 and Exchange Server 2007 environment =

Article ID: 938444

Article Last Modified on 7/27/2007

-

APPLIES TO


 * Microsoft Exchange Server 2007 Enterprise Edition
 * Microsoft Exchange Server 2007 Standard Edition

-



SYMPTOMS
In a mixed Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007 environment, clients cannot log on to Exchange Server 2007 mailboxes by using Microsoft Outlook or Microsoft Office Outlook Web Access.

Additionally, clients receive one of the following error messages when they try to log on to Exchange Server 2007, depending on whether they use Outlook or Outlook Web Access.

Outlook

Unable to open your default e-mail folder. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.

Outlook Web Access

Outlook Web Access could not find a mailbox for DOMAIN\USER. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange Server 2003, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted.

Note This issue does not occur when clients log on to mailboxes that are located on a computer that is running Exchange Server 2003.

Additionally, if you move the mailbox from Exchange Server 2003 to Exchange Server 2007, you receive the following error message:

-1056749241

This issue occurs after you successfully install Exchange Server 2007 with the following roles:
 * Hub Transport
 * Client Access Server
 * Mailbox

Additionally, you can successfully create new mailboxes in Exchange Server 2007.



CAUSE
This issue occurs if Read permissions were removed for the Authenticated Users group in an organizational unit.

When this occurs, Exchange Server 2003 continues to authenticate clients. However, in Exchange Server 2007, the Exchange Servers group is a member of the Authenticated Users group, and this group is missing the Read permissions for address lists. Exchange Server 2007 uses the ShowInAddressBook attribute to authenticate clients.



RESOLUTION
To resolve this issue, grant Read permissions to the Authenticated Users group in the organizational unit where the user account is located.

Note In special hosting environments, you may not be able or willing to grant authenticated users Read permissions. In this scenario, you can grant Read permissions to the Exchange Servers group in the organizational unit. When you do this, the client logs on successfully.

Keywords: kberrmsg kbtshoot kbprb kbexch2007prev KB938444

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.