Article ID: 918710 - View products that this article applies to.
MAPI applications use a remote procedure call (RPC)-based protocol to communicate with servers that are running Microsoft Exchange Server. Microsoft Outlook and Exchange Server each include a different version of the MAPI store provider library (Emsmdb32.dll). Emsmdb32.dll handles this RPC communication.
The Exchange version of the MAPI store provider was not designed to work with Kerberos authentication, and does not support Kerberos authentication. No update is available for the Exchange store provider to make the provider work with Kerberos, and no such update is planned.
The following scenario describes an example in which Active Server Pages (ASP) applications may experience issues that are related to this non-support of Kerberos authentication.
ASP applications experience MAPI_E_LOGON_FAILED errors when the following conditions are true:
When you run the same ASP Web application in Internet Explorer directly on the server that is running IIS, this error does not occur. In this case, Kerberos authentication is not needed.
To work around this issue, use one of the following methods.
Use Basic authentication with SSLBasic authentication generates an interactive token which can be passed to different servers. The drawback with Basic authentication is that users are prompted for a user name and password. Additionally, the user name and password are sent to the server in clear text. Therefore, if you use Basic authentication, make sure that you use Secure Sockets Layer (SSL) for the Web application.
Use WebDAVWebDAV uses HTTP requests and responses together with XML to query, to create, and to modify Exchange data. Because you are using HTTP requests, IIS handles authentication.
Host the Web application on the Exchange serverKerberos is used to pass credentials between servers. Therefore, if the Web application and Exchange are on the same server, you do not have to use Kerberos. In this case, the Web application will not experience the issue that is described in this article.
For more information about how Outlook, CDO, MAPI, and providers work together, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/aa996249.aspxFor more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/266418/ )Microsoft does not support installing Exchange Server components and Outlook on the same computer
For more information about Kerberos authentication, visit the following Microsoft Web site:
Article ID: 918710 - Last Review: October 25, 2007 - Revision: 1.3