CAUSE
This problem occurs when the Microsoft Exchange Server service account does
not have the <Act as part of the operating system> Windows NT user right.
This only happens if the client tries to use basic (clear text)
authentication.
Below is an example of the type of event you will see in the Event Viewer:
Event ID: 11202
Source: MSExchangePOP3
Type: Failure Audit
Description: Logon attempt from to has failed: HrLookupCredentials()
call failed with error: A required privilege is not held by the client.
You can use telnet to verify that the Microsoft Exchange Server service
account is missing the <Act as part of the operating system> right. To test
this with telnet, perform the following steps:
- On Windows NT or Windows 95, open a command prompt.
- At the command prompt, type <telnet [name of computer running Microsoft
Exchange Server] 110>.
You will get a connection to the computer running Microsoft Exchange
Server. The server will issue a greeting banner that may appear as:
+OK Microsoft Exchange POP3 Server version 5.0.1457.10 ready
The sample telnet session below demonstrates how to verify that the
Microsoft Exchange Server computer is missing the required right. In this
sample, lines starting with S> are sent by the server and lines starting
with C> were sent by the client (telnet).
S> +OK Microsoft Exchange POP3 Server version 5.0.1457.10 ready
C> USER <userid>
S> +OK
C> PASS <password>
S> -ERR A required privilege is not held by the client.
If the Microsoft Exchange Server service account does not have the <Act as
part of the operating system> user right, an error will be returned after
the PASS command.