Logon has been restricted to certain users
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads the following registry entry on the Exchange Server computer to determine if the list of users who are allowed to log on to the Exchange information store has been limited:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\Logon Only As
If the Exchange Server Analyzer finds the Logon Only As registry value present, a warning is displayed.
The Logon Only As registry value is a multi-string value (REG_MULTI_SZ) that contains the list of legacyExchangeDN attributes for the accounts that are authorized to log on to the Exchange information store. This registry value, which is not present by default, is typically added during periods of troubleshooting, maintenance, and mailbox move operations.
This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.
To correct this warning
Open a registry editor, such as Regedit.exe or Regedt32.exe.
In the right-hand pane, delete the Logon Only As registry value.
Close the registry editor and restart the Microsoft Exchange Information Store service for the change to take effect.
Before you edit the registry, and for more information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=256986).
For more information about the Logon Only As registry value, see the Knowledge Base article 146764, "Limiting Logons to the Information Store" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=146764).
For information about how to limit logons during mailbox move operations, see the Knowledge Base article 218920, "XADM: How to Prevent Logons During Move Mailbox" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=218920).