This article was previously published under Q306029
This article has been archived. It is offered "as is" and will no longer be updated.
If a MAPI-based client tries to retrieve Address Book information while it is running as the LocalSystem account, the global catalog server does not return any Address Book information.
For additional information about DSProxy, click the following article number to view the article in the Microsoft Knowledge Base:
256976 XCLN: How MAPI Clients Access Active Directory
This behavior occurs because when a MAPI-based client first tries to retrieve Address Book information, it initially contacts the Exchange 2000 server. The Exchange 2000 server uses a process known as DSProxy to proxy this request to a global catalog server. If the MAPI-based client is actually a service that is running as LocalSystem, the service uses Kerberos as its authentication package. However, the DSProxy component of Exchange 2000 does not proxy the Kerberos authentication request to the global catalog server.
To work around this behavior, make changes to the MAPI profile so that the client can communicate directly with the global catalog server instead of by using DSProxy. To do so:
In the Global Profile Section of the MAPI profile, set the PR_PROFILE_SERVER_VERSION property to 3000 (B80B0000 if you are using high-byte ordering).
This setting explicity informs the MAPI subsystem that this profile can operate against an Exchange 2000 server and that the Address Book Provider should communicate directly with a global catalog server. For additional information about Global Profile Sections, click the following article number to view the article in the Microsoft Knowledge Base:
In the Global Profile Section of the MAPI profile, set the PR_PROFILE_AUTH_PACKAGE property to RPC_C_AUTHN_GSS_NEGOTIATE (defined as 9 in the rpcdce.h header file). For additional information, visit the following Microsoft Web site: