Users prompted for credentials after adding a shared mailbox as a second Exchange email account in their Outlook profile

Original KB number:   3184064

Symptoms

Consider the following scenario:

  • You have a hybrid deployment of on-premises Microsoft Exchange Server and Microsoft Exchange Online in Office 365.
  • You configured legacy on-premises public folders for a hybrid deployment.
  • You create a shared mailbox that's located in Exchange Online.
  • You assign Full Access permissions to one or more users.
  • Users add the shared mailbox as a second Exchange account in their existing Outlook profile.

In this scenario, users are repeatedly prompted for credentials when they open Outlook.

Cause

This issue occurs because Outlook tries to connect to the legacy on-premises public folders for the shared mailbox.

Workaround

To work around the problem, move the shared mailbox to the on-premises environment.

Resolution

To fix this issue, you can enable access to public folders for users and disable access to public folders for the shared mailbox. To do this, connect to Exchange Online PowerShell and follow these steps:

  1. Enable access to public folders for users by running the following cmdlet:

    Set-CASMailbox tony@contoso.com -PublicFolderClientAccess $true
    

    Note

    This example enables access to public folders for the user tony@contoso.com.

  2. Disable access to public folders for the shared mailbox by running the following cmdlet:

    Set-CASMailbox adam@contoso.com -PublicFolderClientAccess $false
    

    Note

    This example disables access to public folders for the shared mailbox adam@contoso.com.

  3. Enable access to public folders for the organization by running the following cmdlet:

    Set-OrganizationConfig -PublicFolderShowClientControl $true
    

More information

An error message that resembles the following is found in the RPC Client Access service log for this connection attempt:

[LoginPermException] 'User SID: SID' can't act as owner of a MailUser object '/o=ExchangeLabs/ou=Exchange Administrative Group (Group)/cn=Recipients/cn=<User_Identity>' with SID SID and MasterAccountSid S-1-5-10 (StoreError=LoginPerm)

For more information, see Configure legacy on-premises public folders for a hybrid deployment.

Still need help? Go to Microsoft Community or the Exchange TechNet Forums.