This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 66%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
We have a mysterious problem where our shared mailboxes gets locked out. The origin is always Outlook on some of the users computers. I can see in the eventlog there are 4648 events recorded similar to these:
A logon was attempted using explicit credentials.
Subject:
Security ID: privdomain\xuserx
Account Name: xuserx
Account Domain: privdomain
Logon ID: 0x76CBE
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: sharedmailbox@privdomain.com
Account Domain: privdomain
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: ex01.privdomain.com
Additional Information: ex01.privdomain.com
Process Information:
Process ID: 0x100c
Process Name: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Network Information:
Network Address: 10.20.30.40
Port: 443
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
What I have problems understanding is how Outlook lock out the mailbox user, when the users are logging on to the mailboxes with their own user credentials? They use the add account feature from within Outlook, where they add the email address of the shared mailbox and the shared mailbox is added as an aditional mailbox without any question about username or password. Both user and shared mailbox are on on-prem Exchange 2016, while Outlook is current 365 app. The users locking out the shared mailboxes are not getting locked out them selves.
They do add the mailbox similar to the following blog, but they are not prompted for a username and password: https://www.michev.info/Blog/Post/2025/how-to-add-a-shared-mailbox-as-additional-account-in-outlook-2016-build-8431-and-above-on-windows-10-1709-and-above
We also have a fair bit of users getting locked out, seemingly from the usermanager service on their computers, but we are unsure if it is related somehow.
Is the shared mailbox AD account enabled? If so, disable it. No one should logging on to it directly anyway.
Also the regular users should not have to add the additional mailbox if they have full mailbox access to it. It will show automatically in their Outlook profiles on the left side.
The shared mailboxes AD user accounts are disabled. That's why I think it is mysterious. The credentials are never provided for the shared mailbox and the AD user is disabled, but its still getting locked out from the users that have it added as a second account.
From the event posted above, the xuserx is the users ad account creating the event, while it is the shared mailbox account that was locked out.
Edit: The users get rights on the mailbox by AD security group, that's why the backlinks are not created. They prefer to add the mailbox this way, as they do not have to change from address when answering mails and they can change rules without having to log in to webmail. I am not the Exchange admin in this company, but have some experience. I just got the problem with the locked accounts and figuring out why its happening from the clients.