+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows Server 2008 R2 Thread, Exchange 2010 permissions issue in Technical; Hello All, Right having a tricky issue with permissions on Exchange 2010. One of the users has access to a ...
  1. #1

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19

    Exchange 2010 permissions issue

    Hello All,
    Right having a tricky issue with permissions on Exchange 2010. One of the users has access to a few other user's mailboxes. He has them added in Outlook and every few weeks will get errors saying he does not have access to them. The only way to solve it is to take off his access to the mailboxed then re-add them. This then works for a few weeks and then it all goes wrong again.
    We have tried fully updating the server, installing Exchange 2010 SP1, and even the step of recreating the user's entire AD account and mailbox. The server is running server 2008 R2, along with two domain controllers also running 2008 R2.
    Short of flattening it anyone got an idea?

  2. #2

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,177
    Thank Post
    217
    Thanked 1,291 Times in 801 Posts
    Blog Entries
    4
    Rep Power
    512
    What's the Outlook version?

    We had a similar problem with Outlook 2k7 and multiple mailboxes - especially high traffic ones, however since going to 2010 we've not had the same thing reoccur.

  3. #3

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    Most people use Outlook 2003. however the issue does occur when trying to access alternative mailboxes via the OWA as well.

  4. #4

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    1. Can you reproduce the issue or does this only happen after x weeks
    2. If you give User A permissions to say User B and User C mailboxes, are you saying User A cannot access the mailbox again?
    3. What type of acces are you granting? Full mailbox access or to individual default folder (inbox, calendar etc..)?
    4. How is User A given access? Via Outlook or EMC?
    5. Is User A a delegate for User B and C?
    6. Is User A a member of a privledge group such as domain admin, account operators etc..

    Sukh

  5. #5

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    Thankyou for the response.
    1. We cannot force it to replicate the error, it happens after a seemingly random amount of time.
    2. User A will have access to B and C mailboxes, he will regularly delve in as they are active, and then one day it will just stop working.
    3. We are granting full mailbox access.
    4. via the Exchange management console
    5. No.
    6. he is a member of domain admin group.

  6. #6

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,177
    Thank Post
    217
    Thanked 1,291 Times in 801 Posts
    Blog Entries
    4
    Rep Power
    512
    When it happens, have you tried running TCPView? TCPView for Windows

    Once a certain number of tcp connections from one place have been initiated exchange will block future connections - so you should see a larger amount from affected clients.

  7. Thanks to Domino from:

    Potato-Peeler (27th April 2011)

  8. #7

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    If User A is a member of a Domain admin group, this could be the cause. Privledges groups and account as domain admins, account operators, administrator are protected secuirty groups. They are part of SDHolder. By default these groups are denied permissions to mailboxes unless you have explicitly modified how SDHolder works.

    However, saying that, SDHolder does not enforce after x weeks, the refresh is a lot quicker than minutes/hours.

    Are you sure that it happens every x weeks?

    As a test, I would remove user from domain admin, this isn't best practise, the reason for SDHolder.

    Admin account used for admin purposes, give User A an normall account and give this new user account full mailbox permissions and test.

    If this still an issue, then post back.

    If you can wait, then maybe we can try and reproduce.

    Sukh

  9. Thanks to sukh from:

    Potato-Peeler (27th April 2011)

  10. #8

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    Hey Guys, cheers for help so far. I have managed to get it fully working atm with both OWA and Office 2010. Although previously it hasent worked on OWA it is this time. Any ideas on how to make it work on the guys 2003 outlook?

  11. #9

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    If the User A has full mailbox permission to User B and C, then regardless of what client (Outlook) User A uses, User A should be able to access the mailbox.

    Are you trying to add as an additional mailbox?

    Sukh

  12. #10

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    Yes we are trying to add as an additonal mailbox. However on two different machines with 2003 it is not working, and on OWA and 2010 it is.

  13. #11

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Are you able to add the additional mailbox or does that fail too?
    2. If suceeds, what happens when you try to expand the mailbox for User B in Outlook?
    3. Do you get any errors?
    4. Is Outlook 2003 on the LAN? i.e are you connecting to Exchange 2010 on the LAN or are you usng OA?
    5. Apart from the additional mailboxs to be opened (User B and C) can User A logon to Outlook 2003 and send/receive email?
    6. Any reason why you want to use Outlook 2003?

    Sukh

  14. #12

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    Hello Sukh,
    1. You can add it.
    2. Unable to expand folders.
    3. Says this set of folders can't be opened (If it wasnt for OWA and Outlook 2010 working would presume permissions knackered)
    4. Both machines with outlook 2003 are on LAN. So is the attempt to access OWA and office 2010.
    5. Everything else appears to work.
    6. I hate it, our client refuses to move.

  15. #13

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Is this the same User who is a member of the Domain Admins group? If so, has he been removed?
    2. Is Outlook 2003 fully patched
    3. The same User who cannot open the additional mailboxes via Outlook 2003 can open the same mailboxes using Outlook 2010? right?

    Sukh
    Last edited by sukh; 27th April 2011 at 02:15 PM.

  16. #14

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    1. It is the same user, he has not come back from his meeting and is the chairman of the company so I am loathe to make changes to his account without permission.
    2. Both Outlook 2003 setups are fully patched with sp3.
    3. if it is the same user for both 2003 setups, OWA and 2010.

  17. #15

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Can you ensure that method 2 is set (manual method for Outlook 2003).

    Outlook connection issues with Exchange 2010 mailboxes because of the RPC encryption requirement

    Sukh

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Exchange 2010 iphone issue
    By MaXiM in forum Windows Server 2008
    Replies: 24
    Last Post: 7th March 2013, 07:12 PM
  2. Exchange 2010 profile issue
    By Gardinho in forum Windows Server 2008 R2
    Replies: 14
    Last Post: 25th March 2011, 04:20 PM
  3. New Exchange 2010 Cert issue
    By jmair in forum Windows Server 2008 R2
    Replies: 5
    Last Post: 22nd March 2011, 04:15 PM
  4. [Exchange 2010] Permissions question
    By leco in forum Windows Server 2008 R2
    Replies: 0
    Last Post: 11th May 2010, 04:47 PM
  5. exchange 2010 installation issue
    By RabbieBurns in forum Windows Server 2008 R2
    Replies: 15
    Last Post: 24th November 2009, 08:09 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •