Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/249892

From BetaArchive Wiki
Knowledge Base

User in trusted domain cannot use Outlook to log on to Exchange Server

Article ID: 249892

Article Last Modified on 12/29/2006


  • Microsoft Exchange Server 5.5 Standard Edition

This article was previously published under Q249892


When you try to use Microsoft Outlook to log on to Microsoft Exchange Server 5.5, you may receive the following error message:

Unable to open your default mail folders. You do not have permission to log on.

The following information appears in Event Viewer on the Exchange Server computer:

Event ID: 1021
Source: MSExchangeIS
Description: Domain/user was unable to connect as <x500 dn> error 0x3f2

This behavior occurs in a multiple domain network where the trust relationships are correctly established and where the Exchange Server computer is located in a different domain from the users. Other users in the domain are authenticated.

This problem occurs even if a new account and mailbox are created for you.


This issue may occur if you do not have the correct NTFS file system permissions on the Exchsrvr folder on the Exchange Server computer.


To resolve this issue, grant permissions to the Domain Users group on the Exchsrvr folder:

  1. Grant Full Control permissions to the Domain Users group on the Exchsrvr folder, and then propagate permissions to all subfolders.
  2. Confirm that the user who cannot log on is not a member of a group that was granted No Access permissions to the Exchsrvr folder.
  3. Stop and then restart the directory service.

Additional query words: NTFS permissions rights logon XCLN

Keywords: kbprb KB249892