Exchange 2010 You do not have permission to log on

Posted on 2012-09-20
Last Modified: 2012-09-23
Ive just built a new lab comprising
NY-DC1-2K8 - 2008R2 Domain Controller
NY-EX2K10MB1 - Exchange 2010 MailBox Server
NY-EX2K10PRIME - Exchange 2010 Hub Transport and CAL Role
NY-PC1-W7S - Windows 7 PC Running Outlook 2010.

Whole installation went fine no issues what so ever.  In theory I should be able to send email from a user to a user as a test basic internal email flow is working correctly.

However, when ANY user, or administrator logs on to Outlook 2010 they get the error :

"Cannot Open your default e-mail folders. You do not have permission to log on"

The Users can access the OWA but when they try to send INTERNAL mail it goes straight into the drafts folder.

Exchange is up and running fine, all the pre-requisites have been done etc.  Can anyone advise why this basic setup is failing.  

In OWA when you logon or send a message you get the standard "There is a problem with this website's security certificate." message.

In Outlook 2010 when it starts for the first time autodiscover finds the correct settings when you lick Next you get a security Alert as show attached.  When you get Do you want to proceed and click Yes you get your email account is successfully configured as shown attached.  When I click finish I get the error, (attached).  Im guessing many people will have seen this issue.

Is it caused by the certificate ?  How do I get around the issue please ?

Thank you.

Question by:Mdc2050
    LVL 7

    Assisted Solution

    by:Ilya Rubinshteyn
    1) Make sure your certificate services are set up appropriately if you are using a private certificate. Then you need to add your certificate server as a trusted root certification authority on whatever machine you are using.
    2) make sure the user has full permissions as well as send as permissions to their own mailboxes
    LVL 18

    Accepted Solution

    Create a new certificate for the FQDN Because for autodiscover purpose the host name "autodiscover" required in certificate. Microsoft outlook default find exchange server over the internet through

    Please make sure on the public dns the dns available ""

    Refer below link to White Paper: Exchange 2007 Autodiscover Service. It's same for exchange 2010.


    To create a self sign certificate please refer below links.

    Shell command for create self sing certificate :

    New-ExchangeCertificate -SubjectName "c=US, o=abc Bank," -DomainName,


    If you have installed internal url certificate and want to use autodiscover funcation only internaly then instead of create a autodiscover certificate you can change autodiscover url name also using following commands.

    Set-ClientAccessServer -Identity "fcnts60bdc11" –AutodiscoverServiceInternalURI

    Set-WebServicesVirtualDirectory -Identity "fcnts60bdc11\EWS (Default Web Site)" –InternalUrl

    Set-OABVirtualDirectory -Identity “fcnts60bdc11\OAB (Default Web Site)” -InternalURL
    LVL 63

    Assisted Solution

    by:Simon Butler (Sembee)
    I don't think this is an SSL certificate issue.
    If it was SSL then you wouldn't be able to login to OWA.

    First thing I would check is whether all of the services are running on both Exchange servers. Clients connect to the CAS role, not the mailbox role, so a problem with the CAS role machine can cause problems.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now