One of our customers has trouble to use MFCMAPI with the latest ExchangeMAPI package to access a mailbox on Exchange 2010 after a new CAS server was installed an the old one was deinstalled. The mailbox server stayed the same and has no CAS role installed.

We recreated the MAPI profile for the mailbox to select the new CAS server. "Check names" resolved successfully.
But still MAPI_E_FAILONEPROVIDER when we try to open the mailbox hierarchie from MFCMAPI.

We created a CAS array with just one member. Still same error.

Accessing the CAS through https:// showed no certificate problems

We logged on with that user on a client machine with Outlook 2010 and had no troubles to access the mailbox.

Digging the RPC client access logs on the new CAS showed this error:

User SID: S-... can't act as owner of a UserMailbox object ...

We looked up the SID and found that it was the SID of the domain admin not the currently logged on user.

Granting the domain admin fullaccess on the mailbox allowed us to connect.

But why would the admin-account be used for logon when our MAPI profile should use Windows Integrated Security which should use the locally logged on account?

We checked IIS app pools: they are either set to use LocalSystem or ApplicationPoolIdentity. No sign of domain-admin.

The rpc app has only Windows Authentication enabled.