XADM: A Service that Runs as a LocalSystem Account Cannot Retrieve Address Book Information (306029)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q306029

SYMPTOMS

If a MAPI-based client tries to retrieve Address Book information while it is running as the LocalSystem account, the global catalog server does not return any Address Book information.

For additional information about DSProxy, click the following article number to view the article in the Microsoft Knowledge Base:

256976 XCLN: How MAPI Clients Access Active Directory

CAUSE

This behavior occurs because when a MAPI-based client first tries to retrieve Address Book information, it initially contacts the Exchange 2000 server. The Exchange 2000 server uses a process known as DSProxy to proxy this request to a global catalog server. If the MAPI-based client is actually a service that is running as LocalSystem, the service uses Kerberos as its authentication package. However, the DSProxy component of Exchange 2000 does not proxy the Kerberos authentication request to the global catalog server.

RESOLUTION

To work around this behavior, make changes to the MAPI profile so that the client can communicate directly with the global catalog server instead of by using DSProxy. To do so:
  1. In the Global Profile Section of the MAPI profile, set the PR_PROFILE_SERVER_VERSION property to 3000 (B80B0000 if you are using high-byte ordering).

    This setting explicity informs the MAPI subsystem that this profile can operate against an Exchange 2000 server and that the Address Book Provider should communicate directly with a global catalog server. For additional information about Global Profile Sections, click the following article number to view the article in the Microsoft Knowledge Base:

    188482 HOWTO: Open the Global Profile Section

  2. In the Global Profile Section of the MAPI profile, set the PR_PROFILE_AUTH_PACKAGE property to RPC_C_AUTHN_GSS_NEGOTIATE (defined as 9 in the rpcdce.h header file). For additional information, visit the following Microsoft Web site:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/htm/cmf_m2z_22yg.asp

    If you are using high-byte ordering, the entries in the Mapisvc.inf file appear similar to the following entries:

    PR_PROFILE_SERVER_VERSION B80B0000
    PR_PROFILE_AUTH_PACKAGE 09000000

STATUS

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.
Modification Type:MinorLast Reviewed:4/28/2005
Keywords:kbpending kbbug KB306029
©2004 Microsoft Corporation. All rights reserved.