Microsoft KB Archive/171435
Article ID: 171435
Article Last Modified on 10/28/2006
- Microsoft Exchange Server 5.0 Standard Edition
This article was previously published under Q171435
POP3 users are unable to log on to a Microsoft Exchange Server computer. When the logon attempt fails, an event 11202 is logged in the application event log.
This problem occurs when the Microsoft Exchange Server service account does not have the <Act as part of the operating system> Windows NT user right. This only happens if the client tries to use basic (clear text) authentication.
Below is an example of the type of event you will see in the Event Viewer:
Event ID: 11202 Source: MSExchangePOP3 Type: Failure Audit Description: Logon attempt from to has failed: HrLookupCredentials() call failed with error: A required privilege is not held by the client.
You can use telnet to verify that the Microsoft Exchange Server service account is missing the <Act as part of the operating system> right. To test this with telnet, perform the following steps:
- On Windows NT or Windows 95, open a command prompt.
- At the command prompt, type <telnet [name of computer running Microsoft Exchange Server] 110>.
You will get a connection to the computer running Microsoft Exchange Server. The server will issue a greeting banner that may appear as:
+OK Microsoft Exchange POP3 Server version 5.0.1457.10 ready
The sample telnet session below demonstrates how to verify that the Microsoft Exchange Server computer is missing the required right. In this sample, lines starting with S> are sent by the server and lines starting with C> were sent by the client (telnet).
S> +OK Microsoft Exchange POP3 Server version 5.0.1457.10 ready C> USER <userid> S> +OK C> PASS <password> S> -ERR A required privilege is not held by the client.
If the Microsoft Exchange Server service account does not have the <Act as part of the operating system> user right, an error will be returned after the PASS command.
To grant the appropriate right to the Microsoft Exchange Server service account, perform the following steps:
- Start User Manager for Domains.
- From the Policies menu, select User Rights.
- Select the Show Advanced User Rights check box.
- From the list of rights, select Act as part of the operating system.
- Select Add.
- Select the Show Users button.
- Select the Exchange Server service account.
- Click Add.
- Click OK until you have completely exited all dialog boxes.
Keywords: kbhowto kbusage KB171435