XCCC: Exchange 2000 Instant Messaging Authentication Failure (Q317339) _____ The information in this article applies to: Microsoft Exchange 2000 Server, versions SP1, SP2 _____ SYMPTOMS When Instant Messaging users try to log on, they may receive the following error message: Exchange Instant Messaging authentication failure. The person logged on to this computer does not have permission to use the specified e-mail address. Please supply an e-mail address and logon credentials for that address. CAUSE This issue may occur if you have enabled the Require secure channel (SSL) option on the Instant Messaging virtual directory in Microsoft Internet Information Service (IIS). Meanwhile, in the W3SVC protocol log that is located in the C:\Winnt\System32\Logfiles\W3svc1 folder, you may see the following 403 HTTP Response Code entry: (2002-05-08 09:13:22 157.60.71.131 - W3SVC1 READEC-EX2K-01 157.60.71.218 80 SUBSCRIBE /instmsg/aliases/readec - 403 -) RESOLUTION To resolve this issue, disable Secure Sockets Layer (SSL) on the Instant Messaging virtual directory in IIS. To do so, follow these steps on your Exchange 2000 server: 1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. 2. Expand the default Web site, and browse to the Instant Messaging virtual directory. 3. Right-click the Instant Messaging virtual directory, and then click Properties. 4. Click the Directory Security tab. 5. Click Edit under the Secure Communications section, and then click to clear the Require secure channel (SSL) check box. 6. Click OK twice to close each dialog box. 7. Stop and then re-start the default Web site in IIS. MORE INFORMATION In the W3SVC protocol log that is located in the C:\Winnt\System32\Logfiles\W3svc1 folder, you may see the following 403 HTTP Response Code entry: (2002-01-04 12:59:15 193.122.15.67 sci\siebertm 192.168.28.67 443 POLL /exchange/JANE/Inbox - 207 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0) 2002-01-04 12:59:41 192.168.28.103 - 192.168.28.67 80 SUBSCRIBE /instmsg/aliases/JOHN.SMITH - 403) Description: The server understood the request, but is refusing to fulfill it. Authorization does not help and the request should not be repeated. If the request method is not HEAD, the server may make public why the request has not been fulfilled. In such a case, the server describes the reason for the refusal in the entity. The 403 Response code is commonly used when the server cannot reveal exactly why the request has been refused, or when no other response is applicable. For additional information about Microsoft Internet Information Services (IIS) Protocol Logging and Instant Messenger, click the article number below to view the article in the Microsoft Knowledge Base: Q266754 <outbind://62/premier/library/default.aspx?path=%2fpremier%2fkb%2fen-us%2fQ266%2f7%2f54.ASP> XADM: How to Configure Instant Messaging Logging For additional information about other causes of this particular error, click the article numbers below to view the articles in the Microsoft Knowledge Base: Q278974 <outbind://62/premier/library/default.aspx?path=%2fpremier%2fkb%2fen-us%2fQ278%2f9%2f74.ASP> XCCC: Troubleshooting Authentication Failures in Instant Messaging Q319758 <outbind://62/premier/library/default.aspx?path=%2fpremier%2fkb%2fen-us%2fQ319%2f7%2f58.ASP> XCCC: Exchange 2000 Server Instant Messaging Authentication Does Not Succeed