POP3 Service with Active Directory authentication

I experienced a problem trying to use the Windows 2003 POP3 Service with an Active Directory account...

It worked properly when the account was created manually from the POP3 Service console, but when I tried to use an already existing account it gave me -ERR Logon Failure, even though the Event Viewer showed successful logon/logoff events.

I tried to reverse engineer the logic and searched for some link between the user account and the mailbox. I didn't find any text files or registry keys, so I looked into the Active Directory DB with adsiedit.

Finally I discovered that all the accounts needed the UserPrincipalName to be equal to the e-mail address.

The new accounts were created with
UserPrincipalName = account001@domain.com
and the old account had
UserPrincipalName = account001@domain.local.
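
A read-only check for the mismatch described above, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the mailbox address is the account's sAMAccountName followed by the mail domain, as in the `account001@domain.com` case; the sample records are constructed.

```powershell
# Added example: list accounts whose UserPrincipalName differs from the
# mailbox address the POP3 Service would expect.
# Assumption: mailbox address = <sAMAccountName>@<mail domain>.

function Get-UpnMismatch {
    param([object[]] $Users, [string] $MailDomain)
    foreach ($u in $Users) {
        $expected = '{0}@{1}' -f $u.SamAccountName, $MailDomain
        # -ne on strings is case-insensitive, like UPN comparison in AD
        if ($u.UserPrincipalName -ne $expected) {
            New-Object psobject -Property @{
                SamAccountName = $u.SamAccountName
                CurrentUpn     = $u.UserPrincipalName
                ExpectedUpn    = $expected
            }
        }
    }
}

# Reads users from the current domain through ADSI (no AD module needed).
function Get-DomainUser {
    $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 1000   # page results so large domains are not truncated
    $searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', 'userprincipalname'))
    foreach ($r in $searcher.FindAll()) {
        # Select-Object -First 1 yields $null when the attribute is not set
        $sam = $r.Properties['samaccountname']    | Select-Object -First 1
        $upn = $r.Properties['userprincipalname'] | Select-Object -First 1
        New-Object psobject -Property @{
            SamAccountName    = [string]$sam
            UserPrincipalName = [string]$upn
        }
    }
}

# Constructed sample records mirroring the two cases in the post.
$sample = @(
    New-Object psobject -Property @{ SamAccountName = 'account001'; UserPrincipalName = 'account001@domain.local' }
    New-Object psobject -Property @{ SamAccountName = 'account002'; UserPrincipalName = 'account002@domain.com' }
)

# Offline run against the sample; only account001 is reported.
Get-UpnMismatch -Users $sample -MailDomain 'domain.com'

# Against a live domain (run as a user allowed to read the directory):
# Get-UpnMismatch -Users (Get-DomainUser) -MailDomain 'domain.com'
```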

Vittorio Pavesi said...

Another small tip to remember...
If you changed the mailroot folder, you must change the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Pop3 Service\MailRoot, and add Modify permission for the Network Service account on the Mailroot folder.