Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. "The information store could not be opened" error message when you try to retrieve the client permissions of a public folder in Exchange 2003

"The information store could not be opened" error message when you try to retrieve the client permissions of a public folder in Exchange 2003

View products that this article applies to.

Symptoms

When you try to retrieve the client permissions of a public folder by using Exchange System Manager in Microsoft Exchange Server 2003, you may receive the following error message:

The information store could not be opened. The logon to the Microsoft Exchange server computer failed.
MAPI 1.0
ID no: 80040111-0286-00000000
ID no: C1050000
Exchange System Manager

↑ Back to the top

Cause

This problem may occur if the user account that you are using Exchange System Manager under belongs to many groups.

↑ Back to the top

Resolution

Service pack information

To resolve this problem, obtain the latest service pack for Exchange Server 2003 . For more information, click the following article number to view the article in the Microsoft Knowledge Base:
836993 How to obtain the latest service packs for Exchange Server 2003

Other resolution methods

This problem involves a buffering problem with the Wininet component in Microsoft Internet Explorer. To resolve this problem, use one of the following methods:

Method 1

  1. Install the hotfix that is listed in the following article:
    277741 Internet Explorer logon fails due to an insufficient buffer for Kerberos
  2. Set the MaxTokenSize registry value on all client computers.

Method 2

  1. Install Microsoft Windows 2000 Service Pack 2 or a later Windows 2000 service pack.
  2. Set the MaxTokenSize registry value on all client computers.

Method 3

  1. Update Microsoft Internet Explorer.

    To obtain the latest version of Internet Explorer, visit the following Microsoft Web site.
    http://www.microsoft.com/ie
  2. Set the MaxTokenSize registry value on all client computers.
How to set the MaxTokenSize registry value
This resolution provides a registry value that you can use to increase the size of the Kerberos version 5 protocol token. For example, if you increase the token size to 64 kilobytes (KB), a user can belong to more than 1600 groups. Because of the associated security identifier (SID) information, this number may vary.

To set this registry value, follow these steps:

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
    Note If the
    Parameters
    subkey is not listed under the
    Kerberos
    subkey, follow these steps:
    1. Right-click Kerberos, point to New, and then click Key.
    2. Type Parameters, and then press ENTER.
  3. Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize.
  4. Double-click MaxTokenSize, set the decimal value to 65535, and then click OK.

    Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 65535 or that you set the hexadecimal value to FFFF. If you incorrectly set this value to 65535 hexadecimal, Kerberos authentication operations may fail. Additionally, programs may return errors. The 65535 hexadecimal value is an extremely large value.
  5. Quit Registry Editor.
  6. After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.

    Note Although you must update the domain controllers individually, you can use Group Policy settings to set this registry value for client computers that have also been updated. You must configure all client computers and all servers in the domain with this registry modification. You must also install Microsoft Windows 2000 Service Pack 2 or the hotfix in Method 1 on all the computers.

↑ Back to the top

Workaround

To work around this problem, reduce the number of groups that your user account belongs to.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Exchange Server 2003 Service Pack 1.

↑ Back to the top

More information

For more information about Kerberos token size configuration and support in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:
263693 Group Policy may not be applied to users belonging to many groups

↑ Back to the top

Keywords: KB842019, kbbug, kbfix, kbqfe, kberrmsg, kbexchange2003sp1fix

↑ Back to the top

Article Info
Article ID : 842019
Revision : 6
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 329