XADM: A Service that Runs as a LocalSystem Account Cannot Retrieve Address Book Information

This article was previously published under Q306029
This article has been archived. It is offered "as is" and will no longer be updated.
Symptoms
If a MAPI-based client tries to retrieve Address Book information while it is running as the LocalSystem account, the global catalog server does not return any Address Book information.

For additional information about DSProxy, click the following article number to view the article in the Microsoft Knowledge Base:
256976 XCLN: How MAPI Clients Access Active Directory
Cause
When a MAPI-based client first tries to retrieve Address Book information, it contacts the Exchange 2000 server. The Exchange 2000 server uses a process known as DSProxy to proxy this request to a global catalog server. If the MAPI-based client is a service that is running as LocalSystem, the service uses Kerberos as its authentication package. However, the DSProxy component of Exchange 2000 does not proxy the Kerberos authentication request to the global catalog server, so the request for Address Book information fails.
Resolution
To work around this behavior, change the MAPI profile so that the client communicates directly with the global catalog server instead of going through DSProxy. To do so:
  1. In the Global Profile Section of the MAPI profile, set the PR_PROFILE_SERVER_VERSION property to 3000 (B80B0000 if you are using high-byte ordering).

    This setting explicitly informs the MAPI subsystem that this profile can operate against an Exchange 2000 server and that the Address Book Provider should communicate directly with a global catalog server. For additional information about Global Profile Sections, click the following article number to view the article in the Microsoft Knowledge Base:
    188482 HOWTO: Open the Global Profile Section
  2. In the Global Profile Section of the MAPI profile, set the PR_PROFILE_AUTH_PACKAGE property to RPC_C_AUTHN_GSS_NEGOTIATE (defined as 9 in the rpcdce.h header file). For additional information, visit the following Microsoft Web site:

    If you are using high-byte ordering, the entries in the Mapisvc.inf file appear similar to the following entries:
    PR_PROFILE_SERVER_VERSION B80B0000
    PR_PROFILE_AUTH_PACKAGE 09000000
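
The hex strings in the two entries above are the 32-bit values written least-significant byte first (3000 = 0x0BB8 becomes B8 0B 00 00). The following checker is an added example, not code from Microsoft or from this article; it assumes entries laid out as `NAME HEXBYTES`, as in the two lines shown above, and the function names and the second sample input are constructed for illustration.

```python
import struct

# Values required by the workaround, as stated in the article.
REQUIRED = {
    "PR_PROFILE_SERVER_VERSION": 3000,  # 0x00000BB8
    "PR_PROFILE_AUTH_PACKAGE": 9,       # RPC_C_AUTHN_GSS_NEGOTIATE (rpcdce.h)
}

def encode(value):
    """Return the 4-byte hex form used in the entries (low byte first)."""
    return struct.pack("<I", value).hex().upper()

def check_entries(text):
    """Check 'NAME HEXBYTES' lines; return a list of problems (empty = OK)."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in REQUIRED:
            found[parts[0]] = parts[1]
    problems = []
    for name, want in REQUIRED.items():
        hexval = found.get(name)
        if hexval is None:
            problems.append(f"{name}: missing")
            continue
        try:
            raw = bytes.fromhex(hexval)
        except ValueError:
            raw = b""
        if len(raw) != 4:
            problems.append(f"{name}: {hexval!r} is not 4 hex bytes")
            continue
        got = struct.unpack("<I", raw)[0]
        if got == want:
            continue
        if raw == struct.pack(">I", want):
            # Right number, but typed most-significant byte first.
            problems.append(f"{name}: {hexval} is byte-swapped, expected {encode(want)}")
        else:
            problems.append(f"{name}: decodes to {got}, expected {want}")
    return problems

# The two entries from the article, then a constructed faulty input.
GOOD = "PR_PROFILE_SERVER_VERSION B80B0000\nPR_PROFILE_AUTH_PACKAGE 09000000\n"
BAD = "PR_PROFILE_SERVER_VERSION 00000BB8\n"

if __name__ == "__main__":
    print(check_entries(GOOD))
    print(check_entries(BAD))
```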
Status
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.
Properties

Article ID: 306029 - Last Review: 10/26/2013 06:10:00 - Revision: 2.0

  • Microsoft Exchange 2000 Server Standard Edition