Users prompted for credentials after adding a shared mailbox as a second Exchange email account in their Outlook profile
Original KB number: 3184064
Consider the following scenario:
- You have a hybrid deployment of on-premises Microsoft Exchange Server and Microsoft Exchange Online in Office 365.
- You configured legacy on-premises public folders for a hybrid deployment.
- You create a shared mailbox that's located in Exchange Online.
- You assign Full Access permissions to one or more users.
- Users add the shared mailbox as a second Exchange account in their existing Outlook profile.
In this scenario, users are repeatedly prompted for credentials when they open Outlook.
This issue occurs because Outlook tries to connect to the legacy on-premises public folders for the shared mailbox.
To work around the problem, move the shared mailbox to the on-premises environment.
To fix this issue, you can enable access to public folders for users and disable access to public folders for the shared mailbox. To do this, connect to Exchange Online PowerShell and follow these steps:
Enable access to public folders for users by running the following cmdlet:
Set-CASMailbox firstname.lastname@example.org -PublicFolderClientAccess $true
This example enables access to public folders for the user email@example.com.
Disable access to public folders for the shared mailbox by running the following cmdlet:
Set-CASMailbox firstname.lastname@example.org -PublicFolderClientAccess $false
This example disables access to public folders for the shared mailbox email@example.com.
Enable access to public folders for the organization by running the following cmdlet:
Set-OrganizationConfig -PublicFolderShowClientControl $true
An error message that resembles the following is found in the RPC Client Access service log for this connection attempt:
[LoginPermException] 'User SID: SID' can't act as owner of a MailUser object '/o=ExchangeLabs/ou=Exchange Administrative Group (Group)/cn=Recipients/cn=<User_Identity>' with SID SID and MasterAccountSid S-1-5-10 (StoreError=LoginPerm)
For more information, see Configure legacy on-premises public folders for a hybrid deployment.