Troubleshooting CDO (1.x) error MAPI_E_LOGON_FAILED (80040111) (181739)


The information in this article applies to:

  • Collaboration Data Objects (CDO) 1.21
  • Collaboration Data Objects (CDO) 1.1
  • Collaboration Data Objects (CDO) 1.2
This article was previously published under Q181739

SYMPTOMS

This article discusses some of the causes and resolutions for the following error messages pertaining to CDO (1.1, 1.2, 1.21):
Collaboration Data Objects error '000004f9'
The information store could not be opened.
[MAPI 1.0 - [MAPI_E_LOGON_FAILED(80040111)]]
-or-
401.1 Unauthorized: Logon Failed

CAUSE

Here are four possible reasons for this error:
  1. You are trying to access a mailbox that does not exist or you are using invalid logon information.
  2. You have insufficient rights on the Exchange mailbox.
  3. If you are running code in an Active Server Page (ASP), you may have insufficient rights on the Microsoft Internet Information Server (IIS) computer.
  4. You are relying on password synchronization in Microsoft Internet Information Server (IIS) version 4.0 to authenticate the Anonymous User specified in IIS.

RESOLUTION

The following resolutions match the causes listed in the CAUSE section.
  1. If you are passing a profile name in your logon line, make sure the profile exists on the computer where the logon line runs. For a Visual Basic application running on a client, the profile must exist on the client running the application. If you are running a Web application, you should use the ProfileInfo parameter on the Logon method to create a profile programmatically instead of specifying a profile name.

    When logging on to a mailbox from a server application (for example, an ASP running under IIS), be sure that you pass False for the ShowDialog parameter. Failure to do so could result in a MAPI_E_LOGON_FAILED error if you pass any invalid parameters.

    If you are passing a ProfileInfo as part of your logon line, check the name of the mailbox and Exchange server to make sure they exists, and that the Exchange server is up.

    Note The Logon method can succeed even when using a resource that does not exist or invalid parameters. When you try to use a server resource (for example, an Outbox or an Inbox) for the first time, you receive the error shown in the "Symptoms" section. To verify that you have logged onto a valid Exchange mailbox, check the CurrentUser property of the CDO (1.1, 1.2, 1.21) Session object. This does not verify your permissions to that mailbox.)
  2. To logon to a mailbox, you have to specify the owner of the mailbox as someone that has an account on the Windows NT Domain, or someone that has logon permissions to that mailbox.
  3. The account that you are logged into under IIS must have "Log on Locally" rights to the IIS computer. The account must be granted this right explicitly, or be part of a local group that has "Log on Locally" rights. These rights are granted through the "User Manager" on the IIS computer.
  4. Internet Information Server (IIS) version 4.0 has an additional feature that allows for password synchronization between IIS 4.0 and the computer user accounts. Password synchronization should only be used with user accounts defined on the local computer, not with user accounts on remote computers. This feature will not work to authenticate an anonymous user to a remote Exchange server.

    To turn off password synchronization, following these steps:
    1. Right-click the virtual directory in question.
    2. Click Properties.
    3. Click the Directory Security tab.
    4. Click Allow Anonymous Access.
    5. Click Edit.
    6. Click to clear the Enable Automatic Password Synchronization option.
    7. Click OK two times, and then click Apply to save the settings.
Modification Type:MajorLast Reviewed:6/30/2005
Keywords:kbBug kbFAQ kbMsg kbpending kbprb KB181739 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.