POP3 Service with Active Directory authentication


I experienced a problem trying to use the Windows 2003 POP3 Service with an Active Directory account...

It worked properly when the account was created manually from the POP3 Service Console, but when I tried to use an already existing account it gave me -ERR Logon Failure, even though the Event Viewer showed successful logon/logoff events.

I tried to reverse engineer the logic and searched for some link between the User Account and the Mailbox. I didn't find any text files or registry keys, so I looked into the Active Directory DB with adsiedit.

Finally I discovered that all the accounts needed the UserPrincipalName to be equal to the e-mail address.

The new accounts were created with
UserPrincipalName = account001@domain.com
and the old account had
UserPrincipalName = account001@domain.local.
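
To find existing accounts affected by this mismatch, the following PowerShell sketch lists users whose UserPrincipalName differs from the expected mailbox address. It is an added example, not part of the original post: the function name Get-UpnMismatch is hypothetical, it assumes each mailbox name equals the account's sAMAccountName, and domain.com is the mail domain used in the post.

```powershell
# Added example (not from the original post).
# Reports AD users whose userPrincipalName is not <sAMAccountName>@<MailDomain>.
# Assumption: the POP3 mailbox name is the same as the sAMAccountName.
function Get-UpnMismatch {
    param(
        [Parameter(Mandatory = $true)] [string]$MailDomain,
        [string]$SearchRoot   # optional LDAP path of an OU; default is the current domain
    )

    # User objects only (objectCategory=person excludes computer accounts).
    $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'
    if ($SearchRoot) { $searcher.SearchRoot = [adsi]$SearchRoot }
    $searcher.PageSize = 500   # page through results instead of stopping at the server limit
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'userprincipalname', 'distinguishedname'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $sam = [string]($r.Properties['samaccountname']    | Select-Object -First 1)
            $upn = [string]($r.Properties['userprincipalname'] | Select-Object -First 1)
            $dn  = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
            $expected = "$sam@$MailDomain"

            # -ne is case-insensitive, which matches how UPNs are compared.
            # An account with no UPN at all is reported too (CurrentUpn is empty).
            if ($upn -ne $expected) {
                [pscustomobject]@{
                    Account     = $sam
                    CurrentUpn  = $upn
                    ExpectedUpn = $expected
                    DN          = $dn
                }
            }
        }
    }
    finally {
        $results.Dispose()   # release the unmanaged search handle
    }
}

# Run from a domain-joined machine; output is report-only, nothing is modified.
Get-UpnMismatch -MailDomain 'domain.com' | Format-Table -AutoSize
```

The script only reports. Changing a UserPrincipalName also changes the name the user can log on with, so review the list and limit any change to accounts that actually have a mailbox.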
1 comments:

Vittorio Pavesi said...

Another small tip to remember...
If you changed the mailroot folder, you must change the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Pop3 Service\MailRoot, and add Modify permission for the Network Service account on the mailroot folder.