Microsoft KB Archive/317339

= XCCC: Exchange 2000 Instant Messaging Authentication Failure =

PSS ID Number: 317339

Article Last Modified on 9/19/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server SP2
 * Microsoft Exchange 2000 Server SP1

-



This article was previously published under Q317339



SYMPTOMS
When Instant Messaging users try to log on, they may receive the following error message:

Exchange Instant Messaging authentication failure.

The person logged on to this computer does not have permission to use the specified e-mail address. Please supply an e-mail address and logon credentials for that address.



CAUSE
This issue may occur if you have enabled the Require secure channel (SSL) option on the Instant Messaging virtual directory in Microsoft Internet Information Service (IIS).

Meanwhile, in the W3SVC protocol log that is located in the C:\Winnt\System32\Logfiles\W3svc1 folder, you may see the following 403 HTTP Response Code entry:

(2002-05-08 09:13:22 157.60.71.131 - W3SVC1 READEC-EX2K-01 157.60.71.218 80 SUBSCRIBE /instmsg/aliases/readec - 403 -)



RESOLUTION
To resolve this issue, disable Secure Sockets Layer (SSL) on the Instant Messaging virtual directory in IIS. To do so, follow these steps on your Exchange 2000 server:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
 * 2) Expand the default Web site, and browse to the Instant Messaging virtual directory.
 * 3) Right-click the Instant Messaging virtual directory, and then click Properties.
 * 4) Click the Directory Security tab.
 * 5) Click Edit under the Secure Communications section, and then click to clear the Require secure channel (SSL) check box.

Note If Require 128-bit encryption is selected, click to clear the Require 128-bit encryption check box.
 * 1) Click OK twice to close each dialog box.
 * 2) Stop and then re-start the default Web site in IIS.



MORE INFORMATION
In the W3SVC protocol log that is located in the C:\Winnt\System32\Logfiles\W3svc1 folder, you may see the following 403 HTTP Response Code entry:

(2002-01-04 12:59:15 193.122.15.67 sci\siebertm 192.168.28.67 443 POLL /exchange/JANE/Inbox - 207 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0) 2002-01-04 12:59:41 192.168.28.103 - 192.168.28.67 80 SUBSCRIBE /instmsg/aliases/JOHN.SMITH - 403)

Description: The server understood the request, but is refusing to fulfill it. Authorization does not help and the request should not be repeated. If the request method is not HEAD, the server may make public why the request has not been fulfilled. In such a case, the server describes the reason for the refusal in the entity. The 403 Response code is commonly used when the server cannot reveal exactly why the request has been refused, or when no other response is applicable. For additional information about Microsoft Internet Information Services (IIS) Protocol Logging and Instant Messenger, click the article number below to view the article in the Microsoft Knowledge Base:

266754 XADM: How to Configure Instant Messaging Logging

For additional information about other causes of this particular error, click the article numbers below to view the articles in the Microsoft Knowledge Base:

278974 XCCC: Troubleshooting Authentication Failures in Instant Messaging

319758 XCCC: Exchange 2000 Server Instant Messaging Authentication Does Not Succeed

Additional query words: W3SVC 403 InstMsg IM

Keywords: kbprb KB317339

Technology: kbExchange2000Search kbExchange2000ServSearch kbExchange2000ServSP1 kbExchange2000ServSP2 kbExchangeSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.