Exchange authentication options
It seems clear to me that if you do not allow your Windows client to validate its machine account to Active Directory, but still log in with your valid domain user account, Exchange will work for a short period of time, then prompt you to revalidate. Unfortunately, the revalidation always fails.
Is there a way to configure Exchange to not require machine account validation when attaching via MAPI RPC?
You bet. In fact, I do it all the time. You can't stop the "revalidation" (authentication) process. What you should be able to do is configure the Security
tab on Outlook's profile properties to prompt you to type in credentials when opening Outlook to circumvent the credentials you are logged onto the local machine with. If you do not do this, Outlook will try to use the local (wrong) credential every time you go to open an e-mail on the server. This gives you the error you are experiencing.
If you are connecting to a mailbox on an Exchange 5.5 or Exchange 2000 server make sure that the Network Security option on the Security property tab is configured to allow NTLM (NT LAN Manager Authentication) in some way. If it is set to Kerberos only, then that could explain why you keep getting an error too. That is because Exchange 5.5 and even Exchange 2000 servers require NTLM authentication. Only Exchange 2003 supports Kerberos only.
Do you have comments on this Ask the Expert question and response? Let us know.
This was first published in February 2005