DOCUMENT:Q146188 08-DEC-2000 [exchange] TITLE :XCLN: Use Network Security Option Not Working as Expected PRODUCT :Microsoft Exchange PROD/VER::4.0 OPER/SYS: KEYWORDS:kbusage ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, version 4.0 - Microsoft Exchange Windows 3.x client, version 4.0 - Microsoft Outlook 2000 - Microsoft Outlook 98 ------------------------------------------------------------------------------- SUMMARY ======= The Microsoft Exchange client Use Network Security During Logon check box does not always function as expected. This option might not allow a user to access another user's mailbox even though the proper Windows NT credentials for the other mailbox were typed. When this occurs, the user will receive the following error message: The set of folders could not be opened. You do not have permission to log on. In addition, the user may be prompted to type Windows NT credentials even though they have selected Use Network Security During when logging on. MORE INFORMATION ================ When named pipes is listed first in the binding order and the profile is set to not use network security during logon, the Microsoft Exchange client will prompt the user for Windows NT credentials. However, it will not use them to actually connect to the Microsoft Exchange Server and the user will be denied access. If TCP/IP is listed first in the binding order, the Microsoft Exchange client will always ask for the Windows NT domain credentials regardless of the setting for Use Network Security During logon. In this case, the typed in Windows NT domain credentials will be used and the user will be allowed access. For additional information, please see the following article in the Microsoft Knowledge Base: Q161866 XCLN: Stopping Windows 3.x Clients from Prompting for a Domain STATUS ====== This is by design. If the user connects over raw IP or IPX there is no current authenticated session and thus the user is prompted for NT credentials. These credentials are then passed in on the RPC calls. The user is only prompted for NT credentials when there are no authenticated session already active. If the user is using Named Pipes, they are already running within the context of an authenticated session and thus will never be prompted for their NT credentials. Additional query words: ====================================================================== Keywords : kbusage Technology : kbOutlookSearch kbExchangeSearch kbExchange400 kbExchangeClientSearch kbZNotKeyword2 kbOutlook2000Search kbOutlook98Search kbZNotKeyword3 Version : :4.0 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.