Exchange 2010 Special Permissions

Similar Messages

• After Exchange 2010 SP3 upgrade, UAG publised OWA is throwing a "You do not have permissions to view this folder or page" error

  Hi,
  We have an issue with our OWA page.  We are currently publishing OWA via UAG.
  We recently upgraded to Exchange 2010 SP3 and then SP3 Rollup7.  Since the upgrade, we are keep getting the following error after entering our credentials on the login page.  I've tried with every possible browser. 
  You do not have permissions to view this folder or page
  Strangely enough, the mobile phones are sending and receiving emails just fine, the phones use the same OWA link, so it's not an authentication issue, the phones login into the UAG servers with no issues.  I can see this on the Active Sessions screen
  on Web Monitor. 
  I've attempted to connect to the OWA by bypassing the UAG server, so putting in the local OWA address of one of my Exchange servers, it works... so the OWA page is up and running. 
  No error logs get generated on Web Monitor when we receive the permission error, I think this is because it's past authentication, it's on the Exchange layer. 
  Any insight would be helpful?  I'm assuming something changed on the Exchange side after the upgrade.
  Just in case, I've upgraded the UAG and TMG servers to the latest SP and Rollup packets.
  UAG > SP4
  TMG > SP2 Rollup 5

  I've found a solution; UAG requires Basic Authentication over OWA.  For some reason Integrated Windows Authentication got turned on after the SP3 upgrade.
  http://technet.microsoft.com/en-us/library/ee921443.aspx
  Turning Integrated Windows Authentication off via the Client Access OWA settings resolved the issue.  Though beware, you
  have do this on all your Client Access servers.  

• Exchange 2010 Room Calendar Permissions are too permissive when Default is set to None.

  Help! Room Calendar permissions are too permissive when Default is set to None.
  We are a brand new Exchange 2010 shop, and have setup several conference rooms.  Many of them are restricted to specific groups to book via In-Policy Requests using Resource Booking Attendant.  The Room Calendar permissions for most
  rooms shows only two options for the Default access: None and Full Details.  Default is set to None, yet if someone opens the room calendar in Outlook (& they are not part of the In-Policy restrictions) they are able to see the full meeting details
  (even open the meeting for full details).  How is this possible when by default they should not have any access as it is set to None?  Some rooms would not be a problem for clients to see the details, but some rooms like Executive rooms need to be
  locked down so that others cannot see the room details - None.
  I also found this, although it did not make a difference.  If I create an Outlook profile for the room and login as the room calendar in Outlook, go to File, Options, Calendar, Resource Scheduling, Set Permissions I get different default options:
  None, "Free/Busy time", "Free/Busy time, subject, location" and Full Details.  Why do I have more options in this view rather than the Room Calendar Permissions?  I looked at two rooms and both Default options were set to "Free/Busy
  time", so I changed these settings to None.  Still the clients can view the full room calendar details.  What are we missing to get the room calendar locked down so it is not displaying details to everyone?

  Only the default groups and Exchange Admins have Full Access to these items, so that is not the issue.
  -MailboxFolderPermission 1RP07AWest:\Calendar cmdlet and it shows the same access I see when I open the calendar in Outlook and view the Permissions as shown below - Default is set to None.
  As I stated in my last reply the only thing that finally forced it to be blocked is changing the Resource Scheduling permissions under Options > Calendar for that room mailbox.  If I have to do that for each room calendar, it's going to
  take considerable time to change each one.  Is there a cmdlet to allow me to access and change that setting as well?
  RunspaceId   : ea4ebc26-1d22-4a7d-b115-1b609099bae3
  FolderName   : Calendar
  User         : Default
  AccessRights : {None}
  Identity     : Default
  IsValid      : True
  ObjectState  : New
  RunspaceId   : ea4ebc26-1d22-4a7d-b115-1b609099bae3
  FolderName   : Calendar
  User         : Anonymous
  AccessRights : {None}
  Identity     : Anonymous
  IsValid      : True
  ObjectState  : New

• Remove mailbox permissions - exchange 2010

  What is it you are trying to achieve by removing permissions = are you talking users having permissions on other accounts or including system accounts - as some are a requirement.

  Hi Guys,I need some professional help from you guys being really expert in exchange ! I have exchange 2010 at my organization (recently joined). I had to figure out permissions for each mailbox in my exchange organization. So I executed the following script which ran like a charm with a full list of mailbox, user having permission on that mailbox and type of permission as well.Get-Mailbox -resultsize unlimited| Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF"} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation C:\script\mailboxperm1.csvNow the issue is, These permissions in this list are not visible in GUI of EMC. If I try to remove them using Exchange power shell, sometimes they are removed and sometimes I get this warning and...
  This topic first appeared in the Spiceworks Community

• Best way to migrate Mailboxes with all permissions Exchange 2010 to Exchange 2010--cross forest

  Hi,
  Due to some Exchange and Active Directory issues (with remnants of old Ex 2003 server), we are going to migrate Exchange 2010 Mailboxes and public folders to a new Exchange 2010 Sp3 server, which is created in a new AD forest.
  I would really appreciate if someone can direct us to the best way to migrate mailboxes and PFs with their permissions, to new Ex 2010 SP3 server. We have around 30 mailboxes, and 300 GB of mailboxes data, and 200 GB of PFdata.
  Thanks in anticipation.
  Regards, David Johnson

  Hello,
  Firstly, you need to creat forest trust between two forests.
  If you want to move AD user account and mailboxes, please use ADMT and PrepareMoveRequest script.
  If you want to migrate public folder, please export data to PST file and then import pst file to new server. 
  Additional article for your reference.
  http://blogs.technet.com/b/exchange/archive/2010/08/10/3410619.aspx
  Cara Chen
  TechNet Community Support

• Scheduling Assistant shows "You do not have permissions to see the recipient's free busy" Exchange 2010

  Setup:
  Exchange Server 2010 Sp2
  Servers running individual roles (2xMailbox, 2xCAS, 2xHub, 2xEdge) All windows server ent 2008 R2
  I can see the calendar content if i open Room Mailbox using the 'Open Calendar' from the menu but the scheduling assistant while
  creating a new meeting invite gives 'You do not have permissions to see the recipient's free busy' error code 5037
  Permission on the conference room is below.
  [PS] C:\Windows\system32>Get-MailboxFolderPermission -id Testconfroom1:\calendar
  RunspaceId   : bbb43bc9-a0c5-4c23-b5f5-b7235f795e26
  FolderName   : Calendar
  User         : Default
  AccessRights : {ReadItems, EditOwnedItems, FolderVisible}
  Identity     : Default
  IsValid      : True
  RunspaceId   : bbb43bc9-a0c5-4c23-b5f5-b7235f795e26
  FolderName   : Calendar
  User         : Anonymous
  AccessRights : {FolderVisible}
  Identity     : Anonymous
  IsValid      : True
  Appreciate any help to fix the above.
  Inderjit

  Hi Inderjit,
  Does this issue occur on only one user or all users?
  If only one user has this issue, I suggest performing troubleshooting on Outlook client first.
  1. Please run Outlook under safe mode to avoid some AVs and add-ins.
  2. Please start Outlook with "outlook.exe /cleanfreebusy".
  3. Please try to re-create profile to refresh the caches.
  Then please perform troubleshooting on Exchange server side.
  1. This issue may occured due to mailbox corruption in the folder level.
  2. Genrally we can check the mailbox property PR_FreeBUsy_NT_SECURITY_DESCRIPTOR and verify the permission.
  3. I suggest re-granding the specific user permission for testing.
  4. I suggest moving the sepcific user's mailbox to another database, issues will solved by itself automatically.
  If all users have this issue, I suggest resetting the permission on Calendar folder and give the necessary permissions (Free Busy Time/ Free Busy Details /Full Details) via Exfolders.
  Refer to :
  http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2010 Send As Permissions Dropping

  We are finding send as rights are dropping even though they are still appearing in the send As Rights Permissions box. This has been happeneing intermittently for a few weeks now, has anyone experienced something similar?
  Thanks

  Hi,
  As per the information and details provided by you, Send As permission is Dropping in Exchange 2010.
  Please follow these steps to setup Send As Permission in Exchange Server2010: -
  In Exchange 2010, Click on Start>
  Programs> Microsoft Exchange> and then click
  Active Directory Users and Computers.
  In the View menu, click on the
  Advanced Features.
  Expend Users, then right click the Mailbox Owner object where you want to grant the permission, and then click
  Properties.
  Click on the Security tab, and then click on
  Advanced.
  In the Access Control Setting for Mailbox Owner dialog box, click on Add.
  In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant Send As permission to and then click
  OK.
  In the Permission entry for Mailbox Owner dialog box, click
  This Object Only in the Apply onto list.
  In the Permission list, locate
  Send As, and then click to select the Allow check box.
  Click OK three times to close the dialog boxes.
  I hope this information will be helpful for you.
  Thanks and regards
  Ashish@S 
  Ashish@V

• Mailbox Permissions Exchange 2010 forcing mailbox on outlook profile.

  Hi,
  We currently have a user that uses outlook 2010, along with exchange 2010. He currently uses two mail profiles on his outlook.
  Profile 1 & Profile 2.
  Profile 1 consists of his primary inbox. Profile 2 consists of a few shared mailboxes, along with 3 staff members.
  When we add full permissions to the user to another 3 mailboxes 2010 makes this automatically appear for the user, casuing it to show on profile 1. Is there a way to stop this auto mapping and only add them to the second mailbox?
  Thanks

  Hi,
  We can use the “-Automapping” switch in the following command:
  http://technet.microsoft.com/en-us/library/hh529943(v=exchg.141).aspx
  Thanks,
  Simon Wu
  TechNet Community Support

• Calendar Free/Busy permissions being ignored for users migrated from Exchange 2003, fine for new users created on Exchange 2010

  I have uncovered a situation where it seems the free/busy permissions are being ignored for users that were migrated from Exchange 2003 to Exchange 2010.
  I have the default permissions set to only show Free/Busy Time, not Details.  However if I look at the calendar for a users who was migrated from the old Exchange 2003 server, I can see details.  If I look
  at a newer user who was added directly to the Exchange 2010 server, I (correctly) only see the times and "Free" or "Busy", not the specific details.
  I verified the permissions on the migrated mailboxes many different ways (Exfolders, cmdlets, etc) and all signs point to only allow showing Free/Busy Times, but alas, I can still see the Details as well.
  My users are using Outlook 2010.

  Hi,
  Does this issue occur on Outlook only or both Outlook and OWA?
  Since you have double checked the permissions via multiple methods, it seems there is nothing problem on permission. Please make sure the migration from Exchange 2003 server completed successfully.
  If in OWA everything goes well (cannot see details), it should be an issue on the Outlook client side.
  I suggest run Outlook under safe mode to avoid some AVs and add-ins.
  I suggest re-create profile to refresh the caches.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• [SOLVED] Can't add a node to the cluster with error (Exchange 2010 SP3 DAG Windows Server 2012)

  Hi there!
  I have a problem which makes me very angry already :)
  I have two servers Exchange 2010 SP3 with MB role started on Windows Server 2012. I decided to create a DAG.
  I have created the prestaged AD object for the cluster called msc-co-exc-01c, assigned necessary permissions and disabled it. Allowed through the Windows Firewall traffic between nodes and prepared the File Share Witness server.
  Then I have tried to add nodes. The first node has been added successfully, but the second node doesn't want to be added :). Now I can add only one node to the DAG. I tried to add different servers first, but only the first one was added.
  LOGS on the second nodes: 
  Application Log
  "Failed to initialize cluster with error 0x80004005." (MSExchangeIS)
  Failover Clustering Diagnostic Log
  "[VER] Could not read version data from database for node msc-co-exc-04v (id 1)."
  CMDLET Error:
  Summary: 1 item(s). 0 succeeded, 1 failed.
  Elapsed time: 00:06:21
  MSC-CO-EXC-02V
  Failed
  Error:
  A database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode()
  (MaxPercentage=100) failed with 0x5b4. Error: This operation returned because the timeout period expired"' failed. [Server: msc-co-exc-04v.int.krls.ru]
  An Active Manager operation failed. Error An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=100) failed with 0x5b4. Error: This operation returned because the timeout period expired"' failed..
  This operation returned because the timeout period expired
  Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.174.1&t=exchgf1&e=ms.exch.err.ExC9C315
  Warning:
  Network name 'msc-co-exc-01c' is not online. Please check that the IP address configuration for the database availability group is correct.
  Warning:
  The operation wasn't successful because an error was encountered. You may find more details in log file "C:\ExchangeSetupLogs\DagTasks\dagtask_2014-11-17_13-54-56.543_add-databaseavailabiltygroupserver.log".
  Exchange Management Shell command attempted:
  Add-DatabaseAvailabilityGroupServer -MailboxServer 'MSC-CO-EXC-02V' -Identity 'msc-co-exc-01c'
  Elapsed Time: 00:06:21
  UPD:
  when Exchange servers ran on the same Hyper-V node, the DAG is working well, but if I move one of VM to another node, It stops working.
  I have installed Wireshark and captured trafic of cluster interface. When DAG members on the same HV-node, there is inbound and outbound traffic on the cluster interface, but if I move one of DAG member to another node, in Wireshark I see only outbound traffic
  on both nodes.
  It's confused me, because there is normal connectivity between these DAG members through the main interface.
  Please, help me if you can.

  Hi, Jared! Thank you for the reply.
  Of course I did it already :) I have new info:
  when Exchange servers ran on the same Hyper-V node, the DAG is working well, but if I move one of VM to another node, It stops working.
  I have installed Wireshark and captured trafic of cluster interface. When DAG members on the same HV-node, there is inbound and outbound traffic on the cluster interface, but if I move one of DAG member to another node, in Wireshark I see only outbound traffic
  on both nodes.
  It's confused me, because there is normal connectivity between these DAG members through the main interface.

• Cisco 5.0 "Your messages are not available now" after exchange 2010 and DC migration to a new host

  Guys,
  First of all, thanks for looking at this post. Hopefully you guys can help me out. My unity users, when dialing into voicemail are getting the message "Your messages are not available now".
  Services in error state under the event viewer:
  Event Type:    Error
  Event Source:    CSAgent
  Event Category:    Kernel Rule 
  Event ID:    256
  Date:        7/29/2014
  Time:        11:42:41 AM
  User:        N/A
  Computer:    UNITY
  Description:
  A packet with a bad transport layer header was detected. Reason: Illegal TCP reserved flags set using interface Wired\HP NC324i PCIe Dual Port Gigabit Server Adapter. TCP: 00.000.00.000/443->00.00.0.00/1241, flags 0x10. The operation was denied.
  Event Type:    Error
  Event Source:    CiscoUnity_MALEx
  Event Category:    Error 
  Event ID:    30012
  Date:        7/29/2014
  Time:        11:44:27 AM
  User:        N/A
  Computer:    UNITY
  Description:
  An occurred which prevents successful Exchange access by CsBMsgConnector via MAPI.
  This is typically an indication of configuration issues with Unity, Exchange, or the MAPI subsystem.
  Verify that the Unity services accounts are granted the correct permissions and that there are no issues with installation.  The SysCheck utility may assist in diagnosing the problem.
  Event Type:    Error
  Event Source:    CiscoUnity_Doh
  Event Category:    Error 
  Event ID:    32013
  Date:        7/29/2014
  Time:        11:44:27 AM
  User:        N/A
  Computer:    UNITY
  Description:
  Doh logon failed due to messaging component logon error: 8004052eH
  I found and followed to the letter:
  http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unity/107323-unity-error.html
  I also went ahead and ran GUSI with some mixed results under environment information:
  SQL Version = Microsoft SQL Server  2000 - 8.00.2282: unknown SP
       SQL Edition = Desktop Engine
       Windows version =  5.2 Build 3790: Service Pack 2
       Outlook is not installed on the local server
       MAPI Provider : CDO Version - 6.5.8211.0
       MAPI Shared Memory: (HKLM:SOFTWARE\Microsoft\Windows Messaging Subsystem\Applications\<process>\SharedMemMaxSize)
              AvCsMgr : is set to recommended value
              AvMsgStoreMonitorSvr : RegKey not found.  Recommend add the key AvMsgStoreMonitorSvr and set DWORD SharedMemMaxSize with a value of 4194304 (decimal)
              AvNotifierMgr : RegKey not found.  Recommend add the key AvNotifierMgr and set DWORD SharedMemMaxSize with a value of 4194304 (decimal)
              AvUMRSyncSvr : is set to recommended value
              CsBMsgConnector : RegKey not found.  Recommend add the key CsBMsgConnector and set DWORD SharedMemMaxSize with a value of 4194304 (decimal)
              CsBridgeConnector : RegKey not found.  Recommend add the key CsBridgeConnector and set DWORD SharedMemMaxSize with a value of 4194304 (decimal)
              CsVpimConnector : RegKey not found.  Recommend add the key CsVpimConnector and set DWORD SharedMemMaxSize with a value of 4194304 (decimal)
           TCPChimney : Disabled
           RSS : Disabled
           *Pulled from UnityDB Configuration Table*
           ExcludeAllReceipts : 0
           ExcludeReturnReceipts : 0
           DisableSearchFolderUse : 0
           MinSearchFolderLifeHours : 1
           OptimizeSearchFolderUse : 0
  I tried following and deleting the Unity System Profile:
  https://supportforums.cisco.com/discussion/11249996/unity-501-exchange-2010-unable-logon-mapi-mailbox
  But I am still scratching my head. Any direction will be appreciated.

  Turns out that unity came back after all this. Maybe it just needed time. I think I answered my own question.  Anyways, this post could serve for future reference. 

• Mac Office 2011 Calendar Events Moving on Exchange 2010

  Hello,
  I manage a domain environment that is fairly small. It has Server 2008, Outlook Exchange 2010, consisting of two domain controllers and a hand full of other Server2008 servers. All of these are virtualized on VMware ESXi and running off of a SAN as well.
  So that should give you a little idea of our configuration. The key issue that has been driving many people insane and I can't seem to find a resolution to is that Mac user's are having their Exchange calendar entries move. PC users are not having this happen.
  I have instructed the users to be very careful about appropriate time zones when creating the events, permissions to not let anyone else edit them. This is still occurring and I can't seem to find an answer online as to why. All of the VM's clocks are good.
  The end user clocks are set accordingly and I even began setting them static to where we are located. We have tried dissassociating the user's with this issue from their iPhone's thinking that maybe the phone was editing it some how through iCloud syncing
  etc. None of this has worked. Any other ideas or solutions would greatly be appreciated.
  Thanks.

  Hi,
  This forum focuses on questions and feedback for Windows-based Microsoft Office client. Since your query is directly related to Office for mac, I would suggest you to post in the forum of
  Office for Mac, where you can get more experienced responses:
  http://answers.microsoft.com/en-us/mac/forum/macoffice2011?tab=Threads
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
  Regards,
  Ethan Hua
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Install a temporary Exchange 2010 in an existing environment

  I have an existing production environment with 3 Exchange 2010 servers in a DAG configuration working well.I would now like to verify the backups by restoring databases to a new Exchange 2010 server which I will only keep for a limited time.When installing Exchange 2010 I get "You must be member of the 'Organization Management' role group or 'Enterprise Admin' to continue"I assume this is because I need some specific permissions in Active Directory I don't normally have. I could very well use a different account which I'm fairly sure has these permissions, but I want to make sure I'm not introducing instability in our production environment by adding a fourth Exchange 2010 server which will then be deleted again.I have no intention of configuring the fourth server as a DAG member, but I'm not really an Exchange person and I'm looking...
  This topic first appeared in the Spiceworks Community

  Hi FriendzKnight
  II,
  Try to perform exchange 2010 recovery using the recovery switch. Build new exchange 2010 server and restore the exchange 2010 from the backup using recovery switch.
  This will work to get back exchange 2010 in your existing exchange 2013 enivornment
  Exchange Queries

• Issue with Update Rollup 5 for Exchange 2010 SP3 - Mailboxes that were auto mapped not working

  Below is  my response in another thread but creating a new one in the hopes that someone has the same issue and a solution besides mine below.
  Ever since we installed Update Rollup 5 for SP3 Exchange 2010 mailboxes that were auto mapped are not accessible. They all get the same error.
  Cannot expand the folder. The set of folders cannot be opened. The attempt to log on to the Microsoft Exchange has failed.
  What I have been doing is removing the users permission, then adding them back using the noautomap switch in Powershell. After doing that, the user manually adds the mailbox and all is well.
  Just a note here, I suspect it may have something to do with the version of Outlook 2010. We are running an older version here. I think only SP1 with no other incremental updates. Office is up to SP2. Also, one of the users I was working with could not access
  the mailbox no matter what we tried but she can walk over to another workstation and open Outlook and access the very same mailbox so that pretty much proves its software related particularly with Outlook.
  I cannot reproduce the problem on a workstation (XP) with a newer version of Outlook.
  This has been wearing me out and I suspected the Update Rollup all long. Now I am confident as others are having the same problem. If you find out anything on how to fix this other than the steps above, let me know.

  Not sure why it was suggested to use the auto mapping feature to grant permissions because that is the component that is causing the issue. Also, there is nothing wrong with the auto configuration because the user can access their own mailbox just fine and
  also select mailboxes in their Outlook that were NOT auto mapped.
  With that said, here is how I fixed them all.
  Remove the permissions using the Exchange Console. Don't forget Send As
  Wait about 15 minutes. The mailbox should disappear from the users Outlook
  Open an Exchange PowerShell window and run the following command:
  .\add-mailboxpermissionsnoautomap.ps1 -Identity mailbox -User user -AccessRights FullAccess
  Have the user add the mailbox to their Outlook using the manual process.
  All is well....
  If you don't have the PS script add-mailboxpermissionsnoautomap.ps1, you can download it. I stumbled across it a few years ago and use it all the time. If you can't find it, just use the Exchange built in command for adding mailbox folder permissions but
  specify automap $false.
  The idea here is to grant the user access without auto mapping.

• Exchange 2010 - visibility of items in Public Folders

  Hello all,
  I already posted this question to the German Exchange 2010 forum, but have not gotten an answer yet. So I hope to be more lucky in the English forum.
  Environment: Exchange 2010 SP3 RU4, 2 replicas for Public Folders, Outlook 2007 cache Mode
  Problem:
  Some of our users have a phenomenon when working with mail enabled Public Folders:
  User has the focus set to Public Folder A, an email is sent there (and correctly delivered) but remains invisible to the user. When he changes the focus to point to his inbox or to Public Folder B and directly changes back to folder A he can see the email.
  Other users can see the email directly on delivery without leaving the folder first.
  When an affected user adds Public Folder A to his Public Folder Favorites he can see that an email is delivered from the change in numbers of unread mails (number in brackets behind folder name).
  I already checked the Exchange server to see if there is a replication related problem (though the default Public Folder DB is the same for all mailbox databases). Even after a successful replication an effected user does not see the email unless he leaves
  the folder and re-opens it.
  As the problem does not affect all users having permissions to this folder I picked one affected user and tried to remedy the issue as follows:
  - deleted the existing Outlook profile and re-created it => without success
  - deleted the user profile and re-created it => without success
  We use Outlook Cache Mode (set by policy, so the user cannot deactivate it) but there is no Public Folder data downloaded.
  When I create a new mail enabled Public Folder to test the scenario with an affected user everything works without problems, he can see an email on delivery.
  As far as I know this problem occurs with only two folders (and for both folders only a few users are affected - different users for each folder) I do not know what else to do. Can someone please give me a hint where to look at? Thanks in advance.
  Kind regards,
  Klaus

  The user is caching the public folder.  When he changes the focus and goes back, it tells Outlook to update.  In my experience, I've seen that Outlook only gets the update notices for the primary mailbox, so cached shared mailboxes are generally
  rarely updated.  We have stopped caching shared mailboxes for this reason and others.  Think of the following scenario:
  Ten different users perform actions on items in a shared mailbox
  When they first get the message, they move it to a subfolder in the mailbox (so it won't be there for other users)
  Since users are working in Cached mode, they will see an out-of-date image of the mailbox - they will move the item in their copy of the mailbox, but that won't be reflected in the other mailboxes until their copy updates to the server, then the server updates
  the other copies.  Talk about being lagged ...