XCLN: Use Network Security Option not Working as Expected

• Microsoft Exchange Server, version 4.0
• Microsoft Exchange Client for 16 bit Windows

SUMMARY

The Microsoft Exchange client Use Network Security During Logon check box does not always function as expected. This option might not allow a user to access another user’s mailbox even though the proper NT credentials for the other mailbox were entered. When this occurs, the user will receive the following error message:

   The set of folders could not be opened.
   You do not have permission to log on.

MORE INFORMATION

When named pipes is listed first in the binding order and the profile is set to not use network security during logon, the Microsoft Exchange client will prompt the user for NT credentials. However, it will not use them to actually connect to the Microsoft Exchange Server and the user will be denied access. If TCP/IP is listed first in the binding order, the Microsoft Exchange client will always ask for the NT domain credentials regardless of the setting for Use Network Security During Logon. In this case, the entered NT domain credentials will be used and the user will be allowed access.

For additional information, please see the following article in the Microsoft Knowledge Base:

   ARTICLE-ID: Q161866
   TITLE     : XCLN: Stopping Windows 3.x Clients from Prompting for a
               Domain

STATUS

This is by design. If the user connects over raw IP or IPX there is no current authenticated session and thus the user is prompted for NT credentials. These credentials are then passed in on the RPC calls. The user is only prompted for NT credentials when there are no authenticated session already active. If the user is using Named Pipes, they are already running within the context of an authenticated session and thus will never be prompted for their NT credentials.