Exchange 2013 send as permission not allowed

Similar Messages

• Sending email using Exchange 2013 defined email addresses not the account email address.

  Currently we are using exchange 2013. Let's say a user has a mailbox account defined that has a default email reply address of [email protected] Now I define additional email address for the same account. When the user tries to send an email he can only send from
  the default email address. Is it possible to send from a defined email anndress and not the default account email address?
  Best Regards
  Best Regards

  Not natively with Exchange.
  You will need 3rd party software if you want to have only one mailbox and the ability to send as any of the proxy addresses associated with it
  Example:
  http://www.ivasoft.biz/choosefrom2007.shtml
  Not sure if Exchange 2013 is supported with it yet
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Send As permission not working - Exchange 2010

  Trying to allow a user to send as from a distribution list on Exchange 2010. I ran the following command:
  Add-ADPermission -identity "Algentis - HR" -user mwong -AccessRights ExtendedRight -ExtendedRights "Send as"
  The users gets an access denied NDR error message in Outlook (both cached and non-cached mode) as well as OWA. Here is the exact NDR:
  Delivery has failed to these recipients or groups:
  [email protected]
  You can't send a message on behalf of this user unless you have permission to do
  so. Please make sure you're sending on behalf of the correct sender, or request
  the necessary permission. If the problem continues, please contact your
  helpdesk.
  Please help!

   Try to send mail through OWA, it may work. If it is, then it's Outlook issue.
  Solution: Have user update the offline address book (click Send/Receive tab, click Send/Receive groups and select Download Address Book). Better yet,
  1) Close Outlook
  2) Delete the offline address book folder under “C:\Users\username\AppData\Local\Microsoft\Outlook\Offline Address Books”  (I assume it’s Windows 7 computer, look under C:\documents and settings\username\…. for XP computers).
  3) Open Outlook and let it download new OAB.
  Other Possibilities are,
  1) You just gave “Send-As” permission for the user. Then, you have to wait for few hours. (you may restart Information Store to take effect the permission right away, who wants to do it?
  2) User’s Outlook got bad/outdated cached contact information. Search for *.NK* files under user’s profile and delete it. Obviously Close the Outlook first before you delete the *.NK* files.
  Please check this from your end & if you face any issue or have any query please let me know.
  Check the below mentioned link for your reference.
  http://anandthearchitect.wordpress.com/2011/07/17/exchange-2010-you-cant-send-a-message-on-behalf-of-this-user-unless-you-have-permission-to-do-so/

• Exchange 2007 - Send As Permission

  Hello, I have Exchange Server 2007 installed on my Windows Server 2008 system and am using an ASP.NET web application to send an e-mail message when certain events occur.  My problem is that I have everything set up and functioning properly, the e-mail message is sent with the designated e-mail address and I receive the e-mail message with no problems.  In order to do this, I have a generic e-mail address that I created for my domain and granted that generic e-mail address "Send As" permission for a different domain e-mail address and use the generic e-mail address in my ASP.NET web application for security purposes.
  My problem is the "Send As" permission seems to disappear very frequently.  It seems that I need to go into the Exchange Management Console and grant this Send As permission every time my server is rebooted, or even after going into Exchange Management Console to "Look around" and see what I have set up.  Does anybody know if there is a way to make the grant of Send As permission permanent so I don't have to constantly re-grant it?  I have applied SP1 to Exchange Server 2007 and am always sure to apply the most recent patches, etc. as soon as they are released.
  Thanks in advance!
  Tim

  Dear customer:
  Thanks for Bala’s reply. He is right.
  Active Directory uses a protection mechanism to make sure that ACLs are set correctly for members of sensitive groups. The mechanism runs one time an hour on the PDC operations master. The operations master compares the ACL on the user accounts that are members of protected groups against the ACL on the following object:
  CN=adminSDHolder,CN=System,DC=<MyDomain>,DC=<Com>
  Note "DC=<MyDomain>,DC=<Com>" represents the distinguished name (DN) of your domain.
  If the ACL is different, the ACL on the user object is overwritten to reflect the security settings of the adminSDHolder object (and ACL inheritance is disabled). This process protects these accounts from being modified by unauthorized users if the accounts are moved to a container or organizational unit where a malicious user has been delegated administrative credentials to modify user accounts. Be aware that when a user is removed from the administrative group, the process is not reversed and must be manually changed.
  The following list describes the protected groups in Windows Server 2003 and in Windows 2000 after you apply the 327825 hotfix or you install Windows 2000 Service Pack 4:
  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Domain Admins
  • Schema Admins
  • Enterprise Admins
  • Cert Publishers
  Additionally the following users are also considered protected:
  • Administrator
  • Krbtgt
  So first, please check whether the user that you grant “sends as” permission for it belongs to the above group.  If so, open ADSIEDIT.msc,  Check"Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here" option on the adminSDHolder. And replicates all the DC, and grant “send as” permission for the user again via EMC, check whether the “send as” work fine.
  For more information about adminSDHolder, please refer to “MORE INFORMATION” section in the following article:
  Delegated permissions are not available and inheritance is automatically disabled
  http://support.microsoft.com/kb/817433/en-us
  Additionally, for more information about Exchange 2007 Permissions, please refer to the following documents:
  Exchange 2007 Permissions: Frequently Asked Questions
  http://technet.microsoft.com/en-us/library/bb310792.aspx
  Hope it helps. If you have any question, please feel free to let me know.
  Rock Wang - MSFT

• Exchange 2010: Send As Permission for group mailbox...

  Our helpdesk has a shared mailbox used for users to submit issues.  Up until a week ago, all of the helpdesk techs could send-as the shared mailbox.
   Now when they attempt to send as the shared mailbox via Outlook they get the error "You do not have the permission to send the message on behalf of the specified user.".  When I attempt to manage send as permission via EMC (using an account
  with Domain Admin privileges) I've found that the list of users who can send as is blank.  When I attempt to add send as permissions via EMC I get the error below:
  domain\username
  Failed
  Error:
  Active Directory operation failed on DC1.xxxxxx.local. This error is not retriable. Additional information: Access is denied.
  Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
  The user has insufficient access rights.
  Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.140).aspx?v=14.3.195.1&t=exchgf1&e=ms.exch.err.Ex6AE46B
  Exchange Management Shell command attempted:
  Add-ADPermission -Identity 'CN=account,DC=xxxxxx,DC=local'
  -User 'domain\username' -ExtendedRights 'Send-as'
  Elapsed Time: 00:00:00
  Anyone have any advice to fix this issue?
  Thanks in advance for your help.

  I got this sorted.  Here's the fix:
  On the problem account:  Open up active directory > Select the target user account > properties > Security Tab > advanced button.  If
  you cannot see the Security tab you have to go to view > advanced features
  On the Permissions tab put a check mark in Allow inheritable permissions from
  the parent and click ok

• Exchange 2013 CU3 Retention Policy Not working for Calendar & Tasks

  We are currently on Exchange 2013 CU3 with Online Archiving Enabled for the user
  Default policy is set to move  all the items in mailbox which are  older than 30 days to online archive mailbox.
  Calendar and Tasks Items are also getting archived alongwith other Outlook items from Inbox,Deleted Items etc
  Followed Technet website and created RPT for Calendar and Tasks with retention disabled
  Still DPT takes precedence and move all the items under Calendar and Task to Online Archive Mailbox

  Hi Sam,
  I recommend you refer to the following article, despite this for Exchange 2010, however the same applies to exhcnage 2013:
  Prevent archiving of items in a default folder in Exchange 2010
  To prevent the <acronym title="Default Policy Tag">DPT</acronym> from being applied to a default folder, you can create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for that folder (or disable
  any existing RPT for that folder). The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the
  retention action of a disabled tag. Since the item/folder still has a tag, it's not considered untagged and the DPT isn't applied to it.
  Why are items in the Notes folder still archived?
  If you create a disabled <acronym title="Retention Policy Tag">RPT</acronym> for the
  Notes folder, you'll see items in that folder are not deleted, but they do continue to be moved to the archive! Why does this happen? How do you prevent it?
  It's important to understand that:
  A retention policy can have a <acronym title="Default Policy Tag">DPT</acronym> to
  archive items (using the Move to Archive retention action) and a DPT to
  delete items (using the Delete and Allow Recovery or
  Permanently Delete retention actions). Both apply to untagged items.
  The move and delete actions are exclusive of each other. Mailbox folders and messages can have both types of tags applied - an archive tag and a delete tag. It's not an either/or proposition.
  If you create a disabled RPT for the Notes folder to not delete items, the archive DPT for the mailbox would still apply and move items.
  When it comes to archiving, there's only one archive policy that administrators can enforce – the <acronym title="Default Policy Tag">DPT</acronym> with 'Move to archive' action.
  You can't create a <acronym title="Retention Policy Tag">RPT</acronym> with the 'Move to archive' action. This rules out using the disabled RPT approach to prevent items from being moved.
  Best regards,
  Niko Cheng
  TechNet Community Support

• Tricky Exchange 2013 send issue - im stumped...

  Hi everyone,
  I ran into an issue this morning in my Exchange 2013 SP1 environment today that has me stumped. Like most issues, it just happens. No changes, patches or updates to the system were applied and the system was normal until now. Here is my problem –
  My Outlook users have their own mailboxes, and my company has a Help Desk email box that has its own user account. My users are set up via Exchange / Outlook to have their own mailboxes and full access to Help Desk mailbox in their Outlook .
  Each Outlook client in configured with the users account, and the Help Desk account because users want to be able to hit the FROM button in Outlook and chose whether a reply comes from them personally or the Help Desk mailbox.  This has worked great,
  up until now.
  All of a sudden, you cannot send from the Help Desk account anymore. The mailbox opens up, a user can see and access all the mail and it is receiving email fine. But if a user wants to reply or create NEW email, choses FROM and uses the Help Desk account
  they get this error on sending
  Sending reported error (0x8004010F) Outlook data file cannot be accessed.
  The users regular account works fine.
  I recreated the mail profile, didn’t help the issue. I checked on OWA and if you access the Help Desk account on its own it sends fine.
  If you create an email from your own email account and CC the Help Desk, it sends fine.
  All users have Full Access permission and Send As permission on the server.
  Nothing has changed that I know of and this worked totally fine for almost a year until today, it just stops working.
  Any ideas, I’m totally stumped… I have to apply CU7 still this weekend, maybe that will do something. But as of now I cant even see any real errors as to whats going on here. 
  Ric

  Hi,
  In your case, please check the autodiscover and OAB by using "Test E-mail AutoConfiguration".
  If autodiscover fails, please troubleshoot the autodiscover by directly accessing the autodiscover url via IE and let me know the error code. If autodiscover works, you need to troubleshoot the OAB generation, publishing and downloading issues.
  For OAB generation and publishing issues, you can check the application logs on the CAS and Mailbox servers. For the OAB downloading issue, you can manually access the OAB url via IE and see if there is any error code.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• Exchange 2013 Autodiscover Android IOS not working

  Hello,
  I configured exchange 2013 in my organization. Android, thunderbird and IOS not working with autodiscover.
  Windows Phone example Lumia worked with autodiscover correctly.
  All needed DNS entry and certificate are uploaded to Exchange.
  Test on https://testconnectivity.microsoft.com/  ended successfuly.
  Can Android and IOS supported autodiscover.
  BR/Lukas

  Yes i try  https://fqdn/Microsoft-Server-ActiveSync instead
  I have White page nothing else.
  IOS, Android work after manualy configured.   Windows Phone work with autodiscover wonderfully
  Ok we added public IP address to our CAS Server. Now from Internet i can login to /OWA or /ECP.
  What next to do? Change autodiscover.domain.com Record A to point NAT IP address CAS server?
  BR/Lukas

• Exchange 2013 Mailbox Replication Service not installed

  I have two Exchange 2013 Exchange CA servers running in a HA/Load Balance environment.  Both are missing the Mailbox Replication Service.  I didn't have any errors at any point during my installation.  I look at the list of services on the
  server and they're simply not there.
  If I go to c:\program files\Microsoft\Exchange Server\v15\Bin the exe and config files are there.  I tried just clicking the exe, but nothing changed.  I need to be able to import mailboxes, so this is critical.  I'm sure it is critical for
  other reasons too.
  Anything I can do here?

  Hey,
  It's a default behavior in Exchange 2013. Mailbox Replication service runs on MBX server role. You can review architecture of Exchange 2013 on below mentioned link.
  http://blogs.technet.com/b/marwahasamir/archive/2012/08/28/what-s-new-in-exchange-2013.aspx
  Pls mark this as answer if it resolves your issue. Thanks.
  Regards, Riaz Javed Butt Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365

• Exchange 2013 Information Store Service not starting

  This is the event viewer error: Event 4027 Msexchange AdAccess. 
  This is the description in spanish of the event:
  Proceso w3wp.exe (PID= 2788). Error en la solicitud WCF (Get Servers for xxxxx) al servicio de topología de Active Directory de Microsoft Exchange en el servidor (TopologyClientTcpEndpoint (localhost))

  Hello. We rebooted our Exchange 2013 Server and now  Information Store Service is not starting among other main services.
  When I try to start manually the service it turns an error 2414. I found out in some pages that enabling IPv6 should make it work but in my case it doesn't.
  Any idea?
  This topic first appeared in the Spiceworks Community

• Exchange 2013 + 2007 OWA coexistance not redirecting properly (HTTP 400)

  Hello.  I am using this document to funnel our new Exchange 2013 external traffic through an IIS ARR reverse proxy, much like we already do for MIcrosoft
  Lync 2013 on this machine.  
  http://blogs.technet.com/b/exchange/archive/2013/08/02/part-2-reverse-proxy-for-exchange-server-2013-using-iis-arr.aspx
  I followed this guide to a T. especially the part on the page 2 that I linked above about creating the legacy.domain.com server farm and URL rewrite rule.  This
  IIS ARR proxy seems to work fine for Outlook Anywhere, ActiveSync, OWA if the user's mailbox is on the Exchange 2013 server, but it does not work if an OWA user logs in with a mailbox on 2007.
  When the user has a mailbox on 2007, after logging into OWA they get HTTP 400 error.  The URL bar in the browser is changed to https://legacy.domain.com/owa/auth/owaauth.dll
  The Exchange 2007 server IIS logs show this:
  70.x.x.x, -, 11/1/2014, 9:45:48, W3SVC1, MAIL, 10.1.1.3, 0, 523, 132, 400, 0, POST, /owa/auth/owaauth.dll, -,
  I can't figure out why this is happening.  DNS is correct.  legacy.domain.com points to the 2007 Exchange server.  webm.domain.com points to the
  Exchange 2013 server.
  Any ideas?

  Doing more testing, I almost think the Exchange 2007 server keeps redirecting.  So the HTTP 400 is because when you hit legacy.domain.com, it redirects
  to webm.domain.com which redirects back to legacy.domain.com and vice versa.
  I put a test.txt file in the Exchange 2007 owa virtual directory and I cannot access it in any browser.  I tried https://legacy.domain.com/owa/test.txt and
  It redirects me to https://webm.domain.com(Exchange 2013).  I can however go
  one level (or more) deep on the legacy server and get a file such as https://legacy.doamin.com/owa/8.3.342.1/themes/base/logon.css and
  in the browser I see the code (both externally AND internally, so I know DNS and firewall is working).
  I can't find anywhere on IIS 6.0 on the Exchange 2007 server where any kind of redirection is taking place though.  Virtual Directory properies for owa say
  "A directory located on this computer: "C:\Program Files\Microsoft\Exchange Server\ClientAccess\owa"  Enable default content page is checked with default.aspx but I looked at default.aspx in notepad and I don't see ANY code telling it to
  redirect.
  In Exchange 2007 management console OWA internal URL and External URL both sayhttps://legacy.domain.com/owa .
  I have no idea what is causing this redirection.  I did an iisreset and also recycled the OwaAppPool and no change.

• Iphone  4s error sending email does not allow relaying

  I am having problems sending emails on my new 4s iphone.  I have an account thru qwestoffice.net and Yahoo.  Both receive but will not send. Keep getting error message that says "recipient was rejected by the server because it does not allow relaying".  This happens with both email addresses.  I have set the accounts up with the same settings as I previously had on my Iphone 3g

  When you checked the information, did you check the outgoing server settings?
  Settings>Mail, Contacts, Calendars>Your email account>Account>Outgoing mail server - tap the server name next to SMTP and check in the primary server and make sure your username and password are entered and correct - even if it says that the password is optional.

• Exchange 2013 CU2 OWA Redirection not working

  Hi,
  I installed Exchange 2013 RTM in existing environment with Exchange 2010 Sp3 in our test environment.  After installing Exchange 2013 RTM I checked when I access OWA using Internal URl it redirected to Exchange 2010 CAS server's Internal URL and I was
  able to access Exchange 2010 mailbox.
  I upgraded to CU2 and now Exchange 2013 internal URl not re-directing it to Exchange 2010 mailbox anymore. I checked all the settings on virtual directories and made sure that FBA authentication is selected.  It is a test environment and I just wanted
  to test the re-direction in co-existence environment using Internal URL. It should work out of the box but not sure what happened.  There was no issue in CU2 instllation.
  Exchange 2013 CAS and mailbox roles are on separate servers.  Same with Exchange 2010.  There is no certificate 3rd party certificate install on CAS servers since it is a test environment.
  Not sure what else can I check.
  I appreciate if any help I can get.
  Thanks,
  Regards
  Raman
  Raman

  I have been seeing issue where 2013 OWA was not re-directing to Exchange 2013, as mentioned on top of this thread.  After spending days over it.
  Finally it resolved for me after doing the following: -
  Go to CAS 2010 IIS
  OWA directory -> Authentication -> Windows Authentication -> Add provider
  Negotiate and NTLM.
  Although, now when I click on "Options" once OWA is redirected to 2010.  ECP does
  not work.  It just open up ECP page but no link works not even sign out.  I had to click back on the browser's back button go get back to main OWA mail page.
  OWA and ECP directory settings are same.  I have checked several times.
  Thanks,
  Raman

• Exchange 2013 public folder can not create folder

  hello,
  we have migrate public folders to20102013.
  we can not createfolders / files inpublic folders.Access Rights seems to be
  ok on the control panel
  in Outlook, we can not apply change permissions
  what can i do to fix that ?
  all the public folder have migrate on the secondary mailbox public folder like the technet KB
  Please, help us !
  thank you

  Could you please have a look at below mentioned links ? May be, it will help you to sort-out the issue which you are getting right now while moving public folder :
  http://redmondmag.com/articles/2013/07/15/exchange-2013-cu2.aspx
  http://www.msexchange.org/articles-tutorials/exchange-server-2013/planning-architecture/exchange-2013-preview-public-folders-part1.html
  Carlo

• Exchange 2013 / Eudora POP-account not working

  I have a MAC (version 9) user who has Eudora (6.2.4). User tries to connect to Exchange 2013 server with POP-account but is unable to get this to work.
  I tried to search the web for this answer but couldn't.
  I would be happy to know if this is even possible to set up before I spend my time and customer's money on this.
  I got Eudora 7.1 working with IMAP on my XP Virtual machine, but I have no way of testing it with MAC-computer.
  Edit: I also got POP account working on my XP Virtual machine.

  Thanks for your reply. I do not know the specific error message as this happens to one of our end-customer and he has not provided detailed information about this.
  User can't update Eudora, because he is using older version of MAC.
  I would just like to know if it is even possible to connect Eudora 6.2.4 to Microsoft Exchange 2013.