Exchange 2010: Send As Permission for group mailbox...

Our helpdesk has a shared mailbox used for users to submit issues.  Up until a week ago, all of the helpdesk techs could send-as the shared mailbox.
 Now when they attempt to send as the shared mailbox via Outlook they get the error "You do not have the permission to send the message on behalf of the specified user.".  When I attempt to manage send as permission via EMC (using an account
with Domain Admin privileges) I've found that the list of users who can send as is blank.  When I attempt to add send as permissions via EMC I get the error below:
domain\username
Failed
Error:
Active Directory operation failed on DC1.xxxxxx.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.140).aspx?v=14.3.195.1&t=exchgf1&e=ms.exch.err.Ex6AE46B
Exchange Management Shell command attempted:
Add-ADPermission -Identity 'CN=account,DC=xxxxxx,DC=local'
-User 'domain\username' -ExtendedRights 'Send-as'
Elapsed Time: 00:00:00
Anyone have any advice to fix this issue?
Thanks in advance for your help.

I got this sorted.  Here's the fix:
On the problem account:  Open up active directory > Select the target user account > properties > Security Tab > advanced button.  If
you cannot see the Security tab you have to go to view > advanced features
On the Permissions tab put a check mark in Allow inheritable permissions from
the parent and click ok

Similar Messages

  • Exchange 2013 send as permission not allowed

    We have a Exchange 2013 server and Outlook 2010 clients. I have set full permission on other mailboxes with Powershell and in the ECP I set Send As permission for this user. But when I start Outlook 2010, go to the mailbox of one of the users and try to
    send an email as this user, the Outlook gives the error that send as is not allowed. What could the problem be?

    Hi,
    Please log in the Exchange Admin Center in Exchange 2013 to check whether the permissions are configured properly:
    1. Access ECP URL in IE to logon EAC as an administrator.
    2. Click recipients > Mailbox.
    3. Double-click the userA which is set full access permission and send as permission.
    4. In the User Mailbox window, click mailbox delegation to check whether the userB is listed under Send As and Full Access permission.
    If the permission is configured correctly, please try removing the permission and re-add it to check whether the issue persists.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Exchange 2010 Send Connector to postfix (v. 2.11) smarthost uses STARTTLS and cannot connect

    Dear all,
    I am having problems with exchange 2010 sending emails through a postfix smarthost server which disconnects the sessions. I also use a sendmail as a smarthost
    server which is working just fine but I have to switch to postfix and cannot do this as long as the encryption does not work.
    Here is the log file of the postfix server:
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: initializing the server-side TLS engine
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: connect from server1.mydomain.com[192.168.20.10]
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: setting up TLS connection from server1.mydomain.com[192.168.20.10]
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: server1.mydomain.com[192.168.20.10]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:before/accept initialization
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => 11 (0xB))
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0000 16 03 01 00 5a 01 00 00|56 03 01                 ....Z... V..
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1BE] (84 bytes => 84 (0x54))
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0000 54 a9 3d b9 0d 5e 8b 64|7c 6b b5 21 f2 93 e7 84  T.=..^.d |k.!....
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0010 17 ea 33 d7 e5 13 f2 75|3a 87 38 32 01 85 82 5b  ..3....u :.82...[
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0020 00 00 18 00 2f 00 35 00|05 00 0a c0 13 c0 14 c0  ..../.5. ........
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0030 09 c0 0a 00 32 00 38 00|13 00 04 01 00 00 15 ff  ....2.8. ........
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0040 01 00 01 00 00 0a 00 06|00 04 00 17 00 18 00 0b  ........ ........
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0050 00 02 01                                         ...
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0053 - <SPACES/NULLS>
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 read client hello A
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server hello A
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write certificate A
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write key exchange A
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server done A
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: write to 7F4823FA5210 [7F4823FB8B70] (1911 bytes => 1911 (0x777))
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: 0774 - <SPACES/NULLS>
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 flush data
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAC803] (5 bytes => 0 (0x0))
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:failed in SSLv3 read client certificate A
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept error from server1.mydomain.com[192.168.20.10]: lost connection
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: lost connection after STARTTLS from server1.mydomain.com[192.168.20.10]
    Jan  4 14:18:59 server7 postfix/smtpd[1659]: disconnect from server1.mydomain.com[192.168.20.10]
    I
    have read in the post at https://social.technet.microsoft.com/Forums/exchange/en-US/6db38364-cb08-45c0-b159-3ddf30ef0b3e/exchange-2010-send-connector-uses-ssltls-and-cannot-connect-to-smarthost-how-to-deactivate-ssl?forum=exchange2010
    how to deactivate the SSL encryption, but this is of course a security flaw, if I am not mistaken. I would like to encrypt the connection between the servers for obvious security
    reasons but I have come to a standstill...
    My Exchange server certificate is configured
    as follows:
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                         ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
                         essRule}
    CertificateDomains : {server1, server1.solid-con.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=server1
    NotAfter           : 22/01/2017 13:18:02
    NotBefore          : 22/01/2012 13:18:02
    PublicKeySize      : 2048
    RootCAType         : None
    SerialNumber       : 6925D91285B649BD4D5E4297F1A48471
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=server1
    Thumbprint         : 939A37173BF84E352CEDC74F7D9A3D71F498A005
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                         ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {WMSvc-SERVER1}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=WMSvc-SERVER1
    NotAfter           : 19/01/2022 12:56:44
    NotBefore          : 22/01/2012 12:56:44
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 1DB8711F7ADC5CB54196468EF2FF5D21
    Services           : None
    Status             : Valid
    Subject            : CN=WMSvc-SERVER1
    Thumbprint         : 191D86BDE274510453D58DDB91D253DABBCF05F1
    And My Default Send Connector is configured as follows:
    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     : System.Management.Automation.PSCredential
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : False
    DomainSecureEnabled          : False
    Enabled                      : True
    ErrorPolicies                : Default
    ForceHELO                    : False
    Fqdn                         :
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : SERVER1
    Identity                     : Internet
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : unlimited
    Name                         : Internet
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireOorg                  : False
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {server7.mydomain.com, server6.mydomain.com}
    SmartHostsString             : server7.mydomain.com,server6.mydomain.com
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {SERVER1}
    TlsAuthLevel                 :
    TlsDomain                    :
    UseExternalDNSServersEnabled : False
    Any help would be greatly appreciated as I am
    stuck...
    Luca

    Hi Allen,
    Thank you very much for your reply.
    The Postfix TLS Manager is enabled in master.cf
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    and running
    server7:/etc/postfix # ps -efa|grep tls
    postfix  11967 11863  0 11:21 ?        00:00:00
    tlsmgr -l -t unix -u
    Every other (Linux/UNIX) server has no problem e.g.:
    Jan  5 11:28:36 server7 postfix/smtpd[12215]: connect from server2.mydomain.com[192.168.20.20]
    Jan  5 11:28:36 server7 postfix/smtpd[12215]: Anonymous TLS connection established from server2.mydomain.com[192.168.20.20]: TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)
    Jan  5 11:28:36 server7 postfix/smtpd[12215]: B5502946AB0: client=server2.mydomain.com[192.168.20.20]
    Jan  5 11:28:36 server7 postfix/cleanup[12221]: B5502946AB0: message-id=<[email protected]>
    Jan  5 11:28:36 server7 postfix/qmgr[12200]: B5502946AB0: from=<[email protected]>, size=1026, nrcpt=1 (queue active)
    Jan  5 11:28:36 server7 postfix/smtpd[12215]: disconnect from server2.mydomain.com[192.168.20.20]
    Jan  5 11:28:37 server7 postfix/smtpd[12225]: connect from localhost[127.0.0.1]
    Jan  5 11:28:37 server7 postfix/smtpd[12225]: 4076A946AB1: client=localhost[127.0.0.1]
    Jan  5 11:28:37 server7 postfix/cleanup[12221]: 4076A946AB1: message-id=<[email protected]>
    Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: from=<[email protected]>, size=1778, nrcpt=1 (queue active)
    Jan  5 11:28:37 server7 postfix/smtpd[12225]: disconnect from localhost[127.0.0.1]
    Jan  5 11:28:37 server7 postfix/smtp[12222]: B5502946AB0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.54, delays=0.05/0.01/0.01/0.47, dsn=2.0.0, status=sent
    (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4076A946AB1)
    Jan  5 11:28:37 server7 postfix/qmgr[12200]: B5502946AB0: removed
    Jan  5 11:28:37 server7 postfix/cleanup[12221]: 4401F946AB0: message-id=<[email protected]>
    Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: from=<[email protected]>, size=1920, nrcpt=1 (queue active)
    Jan  5 11:28:37 server7 postfix/local[12226]: 4076A946AB1: to=<[email protected]>, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 4401F946AB0)
    Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: removed
    Jan  5 11:28:37 server7 postfix/smtp[12227]: Untrusted TLS connection established to 192.168.20.10[192.168.20.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
    Jan  5 11:28:37 server7 postfix/smtp[12227]: 4401F946AB0: to=<[email protected]>, orig_to=<[email protected]>, relay=192.168.20.10[192.168.20.10]:25,
    delay=0.29, delays=0/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=619] Queued
    mail for delivery)
    Jan  5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: removed
    and if you take a look at the lines in bold you will see that mails can be delivered over TLS to that very Exchange server (the mailboxes are on that server)...
    To summarise:
    exchange --> postfix with TLS = session disconnected (and everything seems to be initiated by the exchange server -if I read the logs correctly)
    postfix --> exchange with TLS = works
    any further hints?
    Thank you very much in advance,
    Luca

  • Exchange 2007 - Send As Permission

    Hello, I have Exchange Server 2007 installed on my Windows Server 2008 system and am using an ASP.NET web application to send an e-mail message when certain events occur.  My problem is that I have everything set up and functioning properly, the e-mail message is sent with the designated e-mail address and I receive the e-mail message with no problems.  In order to do this, I have a generic e-mail address that I created for my domain and granted that generic e-mail address "Send As" permission for a different domain e-mail address and use the generic e-mail address in my ASP.NET web application for security purposes.
    My problem is the "Send As" permission seems to disappear very frequently.  It seems that I need to go into the Exchange Management Console and grant this Send As permission every time my server is rebooted, or even after going into Exchange Management Console to "Look around" and see what I have set up.  Does anybody know if there is a way to make the grant of Send As permission permanent so I don't have to constantly re-grant it?  I have applied SP1 to Exchange Server 2007 and am always sure to apply the most recent patches, etc. as soon as they are released.
    Thanks in advance!
    Tim

    Dear customer:
    Thanks for Bala’s reply. He is right.
    Active Directory uses a protection mechanism to make sure that ACLs are set correctly for members of sensitive groups. The mechanism runs one time an hour on the PDC operations master. The operations master compares the ACL on the user accounts that are members of protected groups against the ACL on the following object:
    CN=adminSDHolder,CN=System,DC=<MyDomain>,DC=<Com>
    Note "DC=<MyDomain>,DC=<Com>" represents the distinguished name (DN) of your domain.
    If the ACL is different, the ACL on the user object is overwritten to reflect the security settings of the adminSDHolder object (and ACL inheritance is disabled). This process protects these accounts from being modified by unauthorized users if the accounts are moved to a container or organizational unit where a malicious user has been delegated administrative credentials to modify user accounts. Be aware that when a user is removed from the administrative group, the process is not reversed and must be manually changed.
    The following list describes the protected groups in Windows Server 2003 and in Windows 2000 after you apply the 327825 hotfix or you install Windows 2000 Service Pack 4:
    • Administrators
    • Account Operators
    • Server Operators
    • Print Operators
    • Backup Operators
    • Domain Admins
    • Schema Admins
    • Enterprise Admins
    • Cert Publishers
    Additionally the following users are also considered protected:
    • Administrator
    • Krbtgt
    So first, please check whether the user that you grant “sends as” permission for it belongs to the above group.  If so, open ADSIEDIT.msc,  Check"Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here" option on the adminSDHolder. And replicates all the DC, and grant “send as” permission for the user again via EMC, check whether the “send as” work fine.
    For more information about adminSDHolder, please refer to “MORE INFORMATION” section in the following article:
    Delegated permissions are not available and inheritance is automatically disabled
    http://support.microsoft.com/kb/817433/en-us
    Additionally, for more information about Exchange 2007 Permissions, please refer to the following documents:
    Exchange 2007 Permissions: Frequently Asked Questions
    http://technet.microsoft.com/en-us/library/bb310792.aspx
    Hope it helps. If you have any question, please feel free to let me know.
    Rock Wang - MSFT

  • Outlook/exchange 2010 "cannot expand folder" on shared mailbox

    exchange 2010. outlook 2010 (and outlook 2013).
    change user mailbox 'mailbox1' to a shared mailbox with powershell:
               set-mailbox mailbox1 -type shared
    verify the mailbox appears as shared in exchange console.
    grant Full Access Permission to mailbox1 to Group1 AD group.
    member of Group1 adds mailbox1 as an additional mailbox to his outlook exchange account.
    when he clicks on mailbox1, outlook says "cannot expand folder. (was this information helpful?)"
    member of ad group logs out of windows and logs back in repeatedly.
    but when he clicks on mailbox1, outlook says "cannot expand folder. (was this information helpful?)"
     edit: if I specifically grant full access permission to the user, he can open the mailbox in outlook. I want to grant the permission to a group, not to individual users.

    Hi,
    I can give a security group full access permission to a shared mailbox in my Exchange 2010 environment. And all group members can add the shared mailbox as an additional mailbox in Outlook.
    Please make sure the full access permission has been assigned to Group1 and the problematic user is a member of this group. Then remove the additional mailbox and restart Outlook, re-add the shared mailbox as an additional mailbox to have a try. If the issue
    persists in Outlook, please try to open the shared mailbox in OWA to check whether the user can access it.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Upgrading from Exchange 2003 Bridgehead servers to Exchange 2010 Transport Hub servers for routing SMTP only

    Our company moved from on-premises Exchange 2003 to Office365 and only have 4 Exchange 2003 servers on-prem that we use for Routing email from application servers to Office365. We need to migrate these servers to Exchange 2010 then to Exchange 2013 and
    only route email only. Is it possible to upgrade to Exchange 2010 by installing the transport Hub & Mailbox server options only? Our OAB and EWS services come from the CAS servers located on Office365 so we should not need a CAS server to set up Transport
    rules or route mail would we? Any assistance with this would be greatly appreciated! - Thanks, DWB
    Dave

    Since it is not internet facing we will not have to worry about configuring an Internet Domain Name when installing the first server, correct? in my planning I was going to
    install the Exchange 2010 CAS/Mailbox/Transport Hub roles on one server, then upgrade it to Exchange 2013. Once this is completed I'll then install the 2 mailbox role servers in one Datacenter, and 3 more in our DRP DC. If something happens to the
    primary Datacenter I would want it to fail over to the other site. For this I would have to install another CAS/mailbox server in the secondary DC. Would this plan sound about right? Since we moved to Office365 in 2010 I have not had a chance to deal with
    actual servers except for the Exchange 2003 servers we still have on-premises. Each of these are located in 4 Regional offices along with single Windows 2008 R2 servers using only the IIS SMTP service for routing mail from on-prem application servers
    and print/scanners which email back to the users. The plan is to move to a routing system which will provide both MTA and redundancy if one has an issue.
    Dave

  • Checking Executable Permission for Group

    Hi All,
    Is there a command to check if a file has executable permission for group? I am aware that it can be checked looking at permissions using "ls". But, if the same functionality is implemented in a shell script, is there a command to achieve this? For example, "find" commad with "-perm" option...
    Thanks in advance

    There are several ways to accomplish the task if you want to check a specific file.
    For instance:
    $ touch testfile1
    $ touch testfile2
    $ chmod 740 testfile1
    $ chmod 750 testfile2
    $ ls -l testfile?
    -rwxr-----. 1 dude dude 0 May 13 11:51 testfile1
    -rwxr-x---. 1 dude dude 0 May 13 11:51 testfile2
    $ [ $(ls -l testfile1 | cut -c 7 | grep x ) ] && echo "yes" || echo "no"
    no
    $ [ $(ls -l testfile2 | cut -c 7 | grep x ) ] && echo "yes" || echo "no"
    yes

  • Exchange 2010 - Selecting display names for users with multiple mailboxes

     Hi all,
    This isn't so much of a problem, but more of a "What is the best way to handle this" sort of thing.
    I have a client with Exchange 2010 and multiple domains. Because they must be able to send as each domain, I have them setup with individual accounts/mailboxes for each domain. We're at a point that they have three domains which means three accounts per
    user and three listings in the GAL. Their original accounts shows up as Smith, John. The second domain added shows up as First last. I'm at a loss what to use for the third. They want each account to show up in the GAL so that other users can send account
    specific stuff to them if needed, but I'm trying to figure out how to keep this relatively organized and not make the name on outbound emails too convoluted.
    Any suggestions on a format I can use that will make these accounts stand out from each other in the GAL, but not be a hot mess on the recipient end either?

    Smith, John (Company A)
    Smith, John (Company B)
    Smith, John (Company C)
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Exchange 2010 Send As Permissions Dropping

    We are finding send as rights are dropping even though they are still appearing in the send As Rights Permissions box. This has been happeneing intermittently for a few weeks now, has anyone experienced something similar?
    Thanks

    Hi,
    As per the information and details provided by you, Send As permission is Dropping in Exchange 2010.
    Please follow these steps to setup Send As Permission in Exchange Server2010: -
    In Exchange 2010, Click on Start>
    Programs> Microsoft Exchange> and then click
    Active Directory Users and Computers.
    In the View menu, click on the
    Advanced Features.
    Expend Users, then right click the Mailbox Owner object where you want to grant the permission, and then click
    Properties.
    Click on the Security tab, and then click on
    Advanced.
    In the Access Control Setting for Mailbox Owner dialog box, click on Add.
    In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant Send As permission to and then click
    OK.
    In the Permission entry for Mailbox Owner dialog box, click
    This Object Only in the Apply onto list.
    In the Permission list, locate
    Send As, and then click to select the Allow check box.
    Click OK three times to close the dialog boxes.
    I hope this information will be helpful for you.
    Thanks and regards
    Ashish@S 
    Ashish@V

  • Exchange 2010: Sender address rejected: Access denied

    hi friends
    i have been recently experiencing an issue with one of my customer which i send email i get bounce message while i can receive their emails with no issue. i have exchange 2010 installed and im using Anti spam device too. my domain is ok.com
    i try to send from OWA as well but i get the same result.
    Delivery has failed to these recipients or groups:
    [email protected] A problem occurred during the delivery of this
    message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
    Diagnostic information for administrators:
    Generating server: antispamServer.ok.com
    [email protected] #< #5.0.0 X-Spam-&-Virus-Firewall; host mail.abc.com[22.22.22.12] said: 554
    5.7.1 <btv1==14869c83b8f==[email protected]: Sender address rejected: Access denied (in reply to RCPT TO command)> #SMTP#
    Original message headers:
    any idea?
    thanks

    hi
    when i disable the antispam device i get this error
    smtp5.relay.iad3a.emailsrvr.com rejected your message to the following e-mail addresses:
    [email protected]
    smtp5.relay.iad3a.emailsrvr.com gave this error: <[email protected]>: Sender address rejected: Access denied
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another
    restriction may be preventing delivery.

  • 2010 Send As permission error

    Hi - I'm getting the following error when trying to add send as permission in Exchange 2010 - can anyone advise why this error is occurring? It is advising of insufficient rights but I can't see how this mailbox is different from others that allow the permission
    Thanks Jus
    Summary: 1 item(s). 0 succeeded, 1 failed.
    Elapsed time: 00:00:00
    DOMAIN\user
    Failed
    Error:
    Active Directory operation failed on (server) This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    The user has insufficient access rights.
    Click here for help...
    Exchange Management Shell command attempted:
    Add-ADPermission -Identity 'CN=Recruitment Perth Festival,OU=Resource Accounts,OU=PIAF Users,DC=piaf,DC=network' -User 'PIAF\jblackwell' -ExtendedRights 'Send-as'
    Elapsed Time: 00:00:00

    Hi,
    From the error description, the account you use don't have sufficient permission. I recommend you follow the steps below for troubleshooting:
    Open ADUC -> double click the problematic user account -> click Security -> click Advanced, check if "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined
    here." is checked. If no, please check it. I see some people have the same issue, they check it and then the issue is resolved.
    Also, you can use the following cmdlet to grant a user send as permission.
    Add-ADPermission "xxx" -User "xxx.xxx\xxx" -Extendedrights "Send As"
    Hope it helps.
    If you need further assistance, please feel free to let me know.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

  • Outlook 2010 Exchange 2010 Read Receipt Request for all emails cannot be switched OFF.

    I have a strange situation with an Outlook 2010 client using Exchange 2010. The user has Outlook configured so that Under Options/Mail/Tracking - that "Read receipt confirming the recipient has viewed the message" is turned off. Yet everytime she
    sends a message, the option to request pops up on the recipient's outlook.
    I have tried to toggle the option on and off to no avail. I can switch the Delivery Receipt request on and off and it is no issue.
    Can anyone tell me what attribute in ADSIEdit or Exchange is that seems to be stuck ON? 

    Hi,
    I believe you would like to block this only for the user and not for your ORG... ??
    Although, you can block this for your entire ORG.
    what happens is that the Read receipt contains a "Disposition-Notification-To" 
    If we get rid of this header we can restrict the receiver to get that prompt.
    we can create a Transport rule either for the entire org or for that specific user by making an adjustment in the "exception tab"
    for more info refer this blog.
    http://blogs.technet.com/b/exchange/archive/2011/02/23/3412028.aspx
    Thanks & Regards
    John Chris

  • Exchange 2010 - Send Connector High Availability

    Hi All,
    I performed a successful migration a few years back from a single node Exchange 2003 server to a two node Exchange 2010 organisation with a DAG and Kemp load balanced CAS array.  The solution works well and when we simulate a site failure
    I am able to get the second node to handle all mail functions.
    The one problem I have though is that I have to manually disable the send connector on the primary server in order for the one on the secondary server to be in use.  I should explain that I have two send connectors as I do not want the secondary server
    to be used unless the primary server is down or the route is unavailable.  I realise that Exchange 2010 does not know whether the SMTP route is down or not so will just continue trying to use the send connector from the primary server (until I tell it
    not to by disabling it).
    My question is how do I get this to happen automatically?  Does anyone else have an example of how this could be done or use a PowerShell script to achieve this?  I guess a script could check the route and disable the send connector on the primary
    server if necessary, but how would one do this?
    Any help greatly appreciated.
    Rob

    Hi,
    According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
    If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
    For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2010 SP1 - Export to PST, Remove Mailbox

    I'm looking for a PowerShell script that will allow me to use Exchange 2010 SP1 to export a mailbox to PST and then when finished, delete the user and mailbox. I typically do this process manually about 6 months after an employee leaves the company (allowing
    for live access to the mailbox and message forwarding to their supervisor).
    Ideally, the script would take input for a mailbox ID, and then export the file to a file of the mailbox name (Prompt: jdoe -> New-MailboxExportRequest -Mailbox jdoe -FilePath \\server\path\jdoe.pst). After the export is complete, it would schedule the
    mailbox for complete removal and remove the completed mailbox export request. The prompt and export process should be simple enough, but I suspect the difficulty will come with monitoring for the completed request before acting on the removal.
    Thanks for any help provided! :)

    Thanks for the guidance!
    I think I was able to come up with something that will do the trick nicely:
    $Name = Read-Host "Please enter a mailbox to archive"
    New-MailboxExportRequest -Mailbox $Name -FilePath \\Exchange\C$\ExchangeExports\$Name.pst
    while ((Get-MailboxExportRequest -Mailbox $Name | Where {$_.Status -eq "Queued" -or $_.Status -eq "InProgress"}))
    sleep 60
    Get-MailboxExportRequest -Mailbox $Name | Remove-MailboxExportRequest -Confirm:$false
    Remove-Mailbox -Identity $Name -Confirm:$false
    Hopefully it may help others.

  • Mapi Session limit (EVENT ID 9646), Exchange 2010 fix still valid for exchange 2013?

    Hi Guy's,
    we run Exchange 2013 + Outlook 2010
    as i was investigating an Outlook Sync Error, for a secondary mailbox, i figured out that the Mailbox has more than 500 Folders and that i can see the Evnet ID 9646 (Mapi session exceeded the maximum of 500 objects) on the Exchange Server.
    Now i found a fix for Exchange 2010 but not for Ex2013, is the old fix for EX2010 still valid?:
    Navigate to HKLM > System > CurrentControlSet > Services > MSExchangeIS > ParametersSystem. Create a new key in ParametersSystem named
    MaxObjsPerMapiSession. In MaxObjsPerMapiSession, create a DWORD named
    objtFolder with a decimal value of 600. Create a second DWORD named
    objtFolderView
    anyone an idea on this?
    regards
    Stefan

    OK
    i seems that fix is still working and you don't even need to reboot.
    Also solved the sync Problems of secondary Mailbox.
    regards
    Stefan

Maybe you are looking for