"The information store could not be opened" error message when you try to retrieve the client permissions of a public folder in Exchange 2003 (842019)



The information in this article applies to:

  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you try to retrieve the client permissions of a public folder by using Exchange System Manager in Microsoft Exchange Server 2003, you may receive the following error message:

The information store could not be opened. The logon to the Microsoft Exchange server computer failed.
MAPI 1.0
ID no: 80040111-0286-00000000
ID no: C1050000
Exchange System Manager

CAUSE

This problem may occur if the user account under which you run Exchange System Manager belongs to many groups.

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for Exchange Server 2003. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

836993 How to obtain the latest service packs for Exchange Server 2003

Other resolution methods

This problem involves a buffering problem with the Wininet component in Microsoft Internet Explorer. To resolve this problem, use one of the following methods:

Method 1

  1. Install the hotfix that is listed in the following article:

    277741 Internet Explorer logon fails due to an insufficient buffer for Kerberos

  2. Set the MaxTokenSize registry value on all client computers.

Method 2

  1. Install Microsoft Windows 2000 Service Pack 2 or a later Windows 2000 service pack.
  2. Set the MaxTokenSize registry value on all client computers.

Method 3

  1. Update Microsoft Internet Explorer.

    To obtain the latest version of Internet Explorer, visit the following Microsoft Web site.
  2. Set the MaxTokenSize registry value on all client computers.

How to set the MaxTokenSize registry value

This resolution provides a registry value that you can use to increase the size of the Kerberos version 5 protocol token. For example, increasing the token size to 100 kilobytes (KB) permits a user to belong to more than 900 groups. Because of the associated security identifier (SID) information, this number may vary.

To set this registry value, follow these steps:

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos

    Note If the Parameters subkey is not listed under the Kerberos subkey, follow these steps:
    1. Right-click Kerberos, point to New, and then click Key.
    2. Type Parameters, and then press ENTER.
  3. Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize.
  4. Double-click MaxTokenSize, set the decimal value to 100000, and then click OK.

    Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 100000 or that you set the hexadecimal value to 186a0. If you incorrectly set this value to 100000 hexadecimal, Kerberos authentication operations may fail, and programs may return errors. The 100000 hexadecimal value is an extremely large value.
  5. Quit Registry Editor.
  6. After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.

    Note Although you must update the domain controllers individually, you can use Group Policy settings to set this registry value for client computers that have also been updated. You must configure all client computers and all servers in the domain with this registry modification. You must also install Microsoft Windows 2000 Service Pack 2 or the hotfix in Method 1 on all the computers.
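
The registry steps above, scripted as an added example that is not part of the original article: it reads the current MaxTokenSize, flags the case where 100000 was entered as hexadecimal, and writes the recommended decimal value. The function names are hypothetical, the Parameters path is composed from the Kerberos and Parameters subkeys named in the steps, and an elevated PowerShell session is assumed.

```powershell
# Added example (not from the article). Run from an elevated PowerShell session.
$ParametersKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$Recommended   = 100000     # decimal, same as hexadecimal 186a0
$DefaultValue  = 12000      # default stated in the article
$HexMistake    = 0x100000   # 1048576: "100000" typed with Hexadecimal selected

function Get-MaxTokenSizeState {
    # Returns the stored value (or $null) and a classification of it.
    $item = Get-ItemProperty -Path $ParametersKey -Name MaxTokenSize -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Value = $null; State = "NotSet (default $DefaultValue applies)" }
    }
    $value = [int64]$item.MaxTokenSize
    if     ($value -eq $Recommended) { $state = 'Recommended' }
    elseif ($value -eq $HexMistake)  { $state = 'HexMistake (100000 was entered as hexadecimal)' }
    else                             { $state = 'Custom' }
    [pscustomobject]@{ Value = $value; State = $state }
}

function Set-MaxTokenSize {
    # Creates the Parameters subkey if it is missing, then writes the DWORD value.
    # Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Value = $Recommended)
    if ($PSCmdlet.ShouldProcess($ParametersKey, "Set MaxTokenSize to $Value (decimal)")) {
        if (-not (Test-Path -Path $ParametersKey)) {
            New-Item -Path $ParametersKey -Force | Out-Null
        }
        New-ItemProperty -Path $ParametersKey -Name MaxTokenSize `
            -PropertyType DWord -Value $Value -Force | Out-Null
    }
}

$before = Get-MaxTokenSizeState
Write-Output ("Before: {0} [{1}]" -f $before.Value, $before.State)

if ($before.State -ne 'Recommended') {
    Set-MaxTokenSize -Value $Recommended
    $after = Get-MaxTokenSizeState
    Write-Output ("After:  {0} [{1}]" -f $after.Value, $after.State)
    # Step 6 of the procedure: the computer must be restarted for the value to apply.
    Write-Output 'Restart the computer to apply the new MaxTokenSize value.'
}
```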

WORKAROUND

To work around this problem, reduce the number of groups that your user account belongs to.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Exchange Server 2003 Service Pack 1.

MORE INFORMATION

For additional information about Kerberos token size configuration and support in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:

263693 Group Policy may not be applied to users belonging to many groups

280830 Kerberos authentication may not work if user is a member of many groups


Modification Type: Minor
Last Reviewed: 11/7/2005
Keywords:kbExchange2003sp1fix kberrmsg kbQFE kbfix kbBug KB842019 kbAudITPRO