SYMPTOMS

When authenticating within the web mail interface using the Windows authentication method the authentication fails. If the mail services such as SMTP are running as IME_SYSTEM then this can produce the same error.

The following error or similar is presented within the Windows event log viewer:

The description for Event ID ( 10000 ) in Source ( MailEnable ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: MailEnable Authentication TD Provider error: 1314, Windows Authentication for User (username) on Domain () failed with error (1314): A required privilege is not held by the client. SE_TCB_NAME and SE_CHANGE_NOTIFY_NAME rights may be required.

CAUSE

The ASPNET Windows account or the Windows account the services are running under does not have the local machine policy to "Act as part of the operating system".

RESOLUTION

Navigate within windows to the following location: Administrative tools>Local Security Settings. You can also access by running secpol.msc.

1. Expand Security settings->Local Policies
2. Click on "User Rights Assignment".
3. In the right hand pane locate the following policy "Act as part of operating system" and right click and select "Properties".
4. Click on the Add button to add the required Windows account.
5. Restart IIS or the mail services for the changes to take effect.