none
Windows Service - Send CDOSYS e-mail [NTLM] - possible using "Local System Account", any alternatives? RRS feed

  • Question

  • Hi,
     
    I'm currently developing a windows service to send e-mail using CDOSYS via NTLM.

    At present, the windows service is running as "Local System Account" and therefore, not able to send any e-mail.

    My understanding is through NTLM, the Local System Account is not recognized by Exchange.

    Are there any alternatives? I need to use NTLM.


    Thank you,

    Ronald Chuah.
    Wednesday, December 31, 2008 7:10 AM

Answers

  • Hi Ronald,

    Thank you for your question. This forum is for questions specific to the Microsoft Open Protocol Specifications documentation. If you can provide a bit more detail about your scenario I may be able to point you to a better resource if you need more assistance beyond what I explain below.

    The “Local System Account” uses the system credentials to access resources so it can only be authenticated by the local machine. Therefore, you cannot access network/distributed resources with the Local System Account. If your Exchange server is a Network resource, as your question implies, then you will need to configure the SMTP service to run with a Domain Account. The Domain user you set for the service should be a member of the Local Administrators group on the machine, and should have “Logon as a service” user right. However, there are several services which run in the same process as the SMTP service so you will need to change the service account for all of these services to the same account: IIS Admin Service, FTP Publishing Service, World Wide Web Publishing Service.

    Another way to accomplish this through code without changing the services to use a Domain Account is through Impersonation,
    http://msdn.microsoft.com/en-us/library/ms691341(VS.85).aspx


    Further troubleshooting/configuring SMTP:
    http://www.microsoft.com/technet/archive/itsolutions/ecommerce/deploy/d5smtp.mspx?mfr=true
    http://technet.microsoft.com/en-us/library/bb878139.aspx


    Regards,
    Mark Miller
    Escalation Engineer
    US-CSS DSC PROTOCOL TEAM

    Tuesday, January 6, 2009 6:25 PM

All replies

  • Ronald,

       Thanks for your question.  One of our team members will work on your question and follow up with you soon.


    Hongwei Sun -MSFT
    Saturday, January 3, 2009 4:40 PM
  • Hi Ronald,

    Thank you for your question. This forum is for questions specific to the Microsoft Open Protocol Specifications documentation. If you can provide a bit more detail about your scenario I may be able to point you to a better resource if you need more assistance beyond what I explain below.

    The “Local System Account” uses the system credentials to access resources so it can only be authenticated by the local machine. Therefore, you cannot access network/distributed resources with the Local System Account. If your Exchange server is a Network resource, as your question implies, then you will need to configure the SMTP service to run with a Domain Account. The Domain user you set for the service should be a member of the Local Administrators group on the machine, and should have “Logon as a service” user right. However, there are several services which run in the same process as the SMTP service so you will need to change the service account for all of these services to the same account: IIS Admin Service, FTP Publishing Service, World Wide Web Publishing Service.

    Another way to accomplish this through code without changing the services to use a Domain Account is through Impersonation,
    http://msdn.microsoft.com/en-us/library/ms691341(VS.85).aspx


    Further troubleshooting/configuring SMTP:
    http://www.microsoft.com/technet/archive/itsolutions/ecommerce/deploy/d5smtp.mspx?mfr=true
    http://technet.microsoft.com/en-us/library/bb878139.aspx


    Regards,
    Mark Miller
    Escalation Engineer
    US-CSS DSC PROTOCOL TEAM

    Tuesday, January 6, 2009 6:25 PM