"The information store could not be opened" error message when you try to retrieve the client permissions of a public folder in Exchange 2003

Article translations Article translations
Article ID: 842019 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Expand all | Collapse all

On This Page

SYMPTOMS

When you try to retrieve the client permissions of a public folder by using Exchange System Manager in Microsoft Exchange Server 2003, you may receive the following error message:

The information store could not be opened. The logon to the Microsoft Exchange server computer failed.
MAPI 1.0
ID no: 80040111-0286-00000000
ID no: C1050000
Exchange System Manager

CAUSE

This problem may occur if the user account that you are using Exchange System Manager under belongs to many groups.

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for Exchange Server 2003 . For more information, click the following article number to view the article in the Microsoft Knowledge Base:
836993 How to obtain the latest service packs for Exchange Server 2003

Other resolution methods

This problem involves a buffering problem with the Wininet component in Microsoft Internet Explorer. To resolve this problem, use one of the following methods:

Method 1

  1. Install the hotfix that is listed in the following article:
    277741 Internet Explorer logon fails due to an insufficient buffer for Kerberos
  2. Set the MaxTokenSize registry value on all client computers.

Method 2

  1. Install Microsoft Windows 2000 Service Pack 2 or a later Windows 2000 service pack.
  2. Set the MaxTokenSize registry value on all client computers.

Method 3

  1. Update Microsoft Internet Explorer.

    To obtain the latest version of Internet Explorer, visit the following Microsoft Web site.
    http://www.microsoft.com/ie
  2. Set the MaxTokenSize registry value on all client computers.
How to set the MaxTokenSize registry value
This resolution provides a registry value that you can use to increase the size of the Kerberos version 5 protocol token. For example, if you increase the token size to 64 kilobytes (KB), a user can belong to more than 1600 groups. Because of the associated security identifier (SID) information, this number may vary.

To set this registry value, follow these steps:

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
    Note If the
    Parameters
    subkey is not listed under the
    Kerberos
    subkey, follow these steps:
    1. Right-click Kerberos, point to New, and then click Key.
    2. Type Parameters, and then press ENTER.
  3. Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize.
  4. Double-click MaxTokenSize, set the decimal value to 65535, and then click OK.

    Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 65535 or that you set the hexadecimal value to FFFF. If you incorrectly set this value to 65535 hexadecimal, Kerberos authentication operations may fail. Additionally, programs may return errors. The 65535 hexadecimal value is an extremely large value.
  5. Quit Registry Editor.
  6. After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.

    Note Although you must update the domain controllers individually, you can use Group Policy settings to set this registry value for client computers that have also been updated. You must configure all client computers and all servers in the domain with this registry modification. You must also install Microsoft Windows 2000 Service Pack 2 or the hotfix in Method 1 on all the computers.

WORKAROUND

To work around this problem, reduce the number of groups that your user account belongs to.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Exchange Server 2003 Service Pack 1.

MORE INFORMATION

For more information about Kerberos token size configuration and support in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:
263693 Group Policy may not be applied to users belonging to many groups

Properties

Article ID: 842019 - Last Review: October 25, 2007 - Revision: 3.3
APPLIES TO
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
Keywords: 
kbexchange2003sp1fix kberrmsg kbqfe kbfix kbbug KB842019

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com