Cannot start Outlook – your system needs more memory or system resources

Environment

  • Microsoft Windows Active Directory
  • Windows Server 2003
  • Terminal Server (Remote Desktop) environment
  • All users use read only mandatory profile
  • Outlook 2010 installed only for purpose of opening .msg files
  • Outlook 2010 configured with fake user account so new account wizard does not run when users try to open .msg files

Issue

When opening .msg file on the terminal server, users get following error message:

Microsoft Outlook - Cannot start Microsoft Outlook

Microsoft Outlook – Cannot start Microsoft Outlook

When trying to open Control Panel > Mail users get following error:

Mail - Your System needs more memory or system resources. Close some windows and try again

Your System needs more memory or system resources. Close some windows and try again

This does not affect users with domain or local administrator rights.

Cause

Issue was caused by restrictive permissions on registry key and sub-keys located under:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles

When new Outlook profile is created, user who created the profile gets assigned Full Access permissions. Other domain users (apart administrators) don’t have any rights to these registry keys. Normally this is not an issue, however, in terminal server environment with mandatory profiles, this meant that only administrators and user whose profile was used to initially setup mandatory profile had access to this part of registry.

Solution

  • Change mandatory profile to normal roaming profile
    rename ntuser.man to ntuser.dat
  • Login as a use with administrator right
  • Open Registry (regedit.exe) and navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
  • Right click on Windows Messaging Subsystem and click on Permissions > Advanced
  • Make sure you have Domain Users group with Full Control permissions. If not add it
  • Select Replace permissions entries on all child objects … and press Apply
    This will propagate permissions to all child registry sub-keys
    Advanced Security Settings
  • Log off and change profile back to mandatory
    rename ntuser.dat to ntuser.man

Note: Every time Outlook is opened permissions on these registry sub-keys gets changes again. Don’t open Outlook (and any .msg files) after registry permissions change until you log off and change profile back to read-only (mandatory). After that it will not cause any issues as changes will not be saved to mandatory profile.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *