WannabeNerd

OWA - unable to open mailbox - permission issue

I am kind of stuck with a problem.
I have a user who has been given full access over all other mailboxes in Exchange 2007 using the "Manage Full Access Permission" option in the EMC. I can confirm that the user who has the access can open the mailboxes of other users in Outlook 2007.
BUT in OWA, when I log in with the user who has FULL access over other mailboxes, I can log in easily and check my mails and everything, BUT I want to open a mailbox of some other user, so I type the following in the URL:
https://<servername>/owa/<username of the user which i want to access>/Inbox
I was told by GFI people that it should let you open the Inbox of the other user and if it doesn't you have a permission issue. I cannot open the inbox that way. Now how can I open it and what am I doing wrong? I have checked and rechecked a hundred times that the user has full permission over all other users, and I confirmed that by opening mailboxes in Outlook.

Any suggestions please ?
Mestha

If you use the Open Other Mailbox option in OWA, does it work that way?
You get that option by selecting your own name in the top right corner.

-M
WannabeNerd

ASKER

Thanks for the reply.
Yes, true, I figured that out before; it does work that way. It seems that instead of using this format https://<servername>/owa/<username of the user which i want to access>/Inbox
Exchange 2007 uses https://<servername>/owa/<username@domainname.com>.

But strangely I am not able to open all the other mailboxes I have set permission for.
I have used the command:
Add-ADPermission -identity "Mailbox Database" -User myself -AccessRights GenericAll
to access all the other mailboxes. I have gone through all the mailbox properties and checked under "Manage Full Access Permission" and I see my name under that.

I can only access mailboxes that I have added to my Outlook 2007. Only those emails can be opened.
I want access to all other emails???
I don't know why you have used the permission "GenericAll". If you need to open a mailbox then all you need is FullMailbox Access, nothing else.

-M
The reason I have used it is because I want to extract or import mailboxes from the edb using the GFI Exchange import tool. I am following their procedure, which says that you need to give the user permission over all other mailboxes you want to import, and hence the GenericAll (as per GFI).

Which command do I need then to give myself permission to access all other mailboxes?
How am I going to solve this problem? It's doing my head in. As per you I have used the
Get-MailboxDatabase -Server ESS-Exch7023 | Add-ADPermission -User Auditor -ExtendedRights Receive-As   to give myself .
I can add any mailbox I want to my Inbox in Outlook, but in OWA I can access only a few mailboxes and for the others it says " You do not have permission to open this mailbox. For access or for more information, contact technical support for your organization".
The same mailbox I can open in Outlook under my username and password.
Does OWA take time to update or something? Confused!!!
Exchange caches permissions for a couple of hours. Therefore if you have made a change it can be two hours before the change takes effect.

-M
Hi M.
Okay, as of now the administrator has the following permissions, but I am unable to open the mailbox of any other user via OWA.

[PS] C:\Documents and Settings\Administrator.BM\Desktop>get-mailboxdatabase | get-adpermission -user  "bm\administrator"
Identity             User                 Deny  Inherited Rights
--------             ----                 ----  --------- ------
BMEXCH01\First St... BM\administrator     False False     GenericAll
BMEXCH01\First St... BM\administrator     False True      GenericAll
BMEXCH01\First St... BM\administrator     True  True      Send-As
BMEXCH01\First St... BM\administrator     True  True      Receive-As
BMEXCH01\First St... BM\administrator     True  True      CreateChild, DeleteChild
Were you really told to use the Administrator account?

It wouldn't be the account I would use. If I was creating an account for all mailbox access then it would be a special account for that specific purpose, so that it doesn't have issues with inheritance. Administrator has an inherited Denied access to all mailboxes and Deny overrides Allow. It would also mean that a secure password can be used and restrictions on the use of the account applied.

-M
So you are saying create a new account and try it with that. But that still doesn't answer my question.
In spite of the above permissions on the administrator account, why am I not able to access mailboxes of other users in OWA?
Created a brand new account and gave the access rights as under. Shouldn't it work? But it's not working.
[PS] C:\Documents and Settings\Administrator.BM\Desktop>add-mailboxpermission "mailbox" -user "bm\newuser" -accessrights fullaccess

Identity             User                 AccessRights                            IsInherited Deny
--------             ----                 ------------                            ----------- ----
BM.com/OfficeUser... BM\masynch           {FullAccess}                            False       False
ASKER CERTIFIED SOLUTION
Mestha
Thanks!
Well, I think in order to get access to other mailboxes via OWA and not Outlook you have to give access to each mailbox one by one, as stated here:
http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.admin/2008-10/msg02078.html

Plus I have tried both the methods which are stated in the link below, but none seem to work for me.
http://www.rogerrabbit.net/wiki/Settings_permission_for_an_Exchange_database_/_Granting_access_to_all_mailboxes_(Exchange_2007)

Any suggestions?
Is this for an application? Does that application use OWA for its interface or does it use MAPI? If it is using MAPI and not OWA then the OWA test is a waste of time. You are trying to set a permission for a test process rather than for production use.

-M
Yes, it's for the application purpose, and that application uses OWA and not MAPI. Well, currently it's for production use; I need to set these permissions on the online edb, from where I can extract the old emails and then put those emails into the newly set up archive database.
Well if this is required for an application then I would ask them how to set the permissions. When vendors want something done to the permissions I think they should provide the instructions on what needs to be set. With Exchange 2007 that means a complete PowerShell command.

I know how I would go through all the mailboxes to give the relevant permissions, but that would mean that new mailboxes would require adjusting as well.

I have had a quick look on GFI's web site, but I can find nothing about OWA access, except for public folder access.

-M
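
An added example, not code from the thread or from GFI: an Exchange Management Shell check for the two points Mestha raises above, Deny entries the account holds on the mailbox databases and per-mailbox Full Access for a dedicated account. `BM\svc-archive` is a hypothetical account name, and the last step only previews the grants with `-WhatIf`.

```powershell
# Added example; assumes the Exchange 2007 Management Shell.
# 'BM\svc-archive' is a hypothetical dedicated account, not one from the thread.
$account = 'BM\svc-archive'

# 1. List every Deny entry the account holds on the mailbox databases.
#    These correspond to the rows with Deny = True in Get-ADPermission output.
Get-MailboxDatabase |
    Get-ADPermission -User $account |
    Where-Object { $_.Deny } |
    Format-Table Identity, User, IsInherited, AccessRights, ExtendedRights -AutoSize

# 2. Find mailboxes where the account has no non-deny FullAccess entry.
$missing = Get-Mailbox -ResultSize Unlimited | Where-Object {
    $mbx = $_
    $grant = Get-MailboxPermission -Identity $mbx.Identity -User $account |
        Where-Object { (-not $_.Deny) -and ($_.AccessRights -like '*FullAccess*') }
    -not $grant
}
$missing | Format-Table Name, Database -AutoSize

# 3. Preview the per-mailbox grant. Remove -WhatIf to apply it.
#    Mailboxes created later are not covered and need the same grant.
$missing | ForEach-Object {
    Add-MailboxPermission -Identity $_.Identity -User $account `
        -AccessRights FullAccess -WhatIf
}
```
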
You are right in saying that. I have been in touch with GFI itself for the last 5 days. I am sure there is some kind of a bug or glitch in their application; they have asked me to install the latest release of the Mail Archiver. Will see if that overcomes the issue.
As for how they have described setting up the permission, you can find it here:
http://kbase.gfi.com/showarticle.asp?id=KBID003038
That is the first time I have seen that permission used by a third party application. I personally would say it was too much, and would prefer more granular permission, such as Full Mailbox Access. Alas that requires setting it on each mailbox (which doesn't take long). I have deployed GFI Mail Archiver a number of times, but always as a journaling application, never anything more. Poor instructions from GFI there.

-M
I have concluded that it has something to do with the GFI application itself that is posing this problem. Rather than wait and ponder upon their stupid suggestions, I have decided to extract the emails from each user's pst and then import them into the database, meaning I will have to go to each PC and do the laborious job. Well, at least this way I won't have to deal with GFI's support, because trust me, it's useless. Here is what they told me is causing the problem. Read it and say what you think about it:

 """ Thanks for your reply.
Looking at your log, the error being returned is 80040e19.
A search on this error returns that the issue lies in a folder name of the user Janp@xyz.co.uk (See: http://support.microsoft.com/kb/282125 )
It appears there are some special characters in this user's folder names which will cause the error described in the Microsoft link above.
Please remove all (), ? and * from the folder names and try to import again. """

Here was my reply:-

""" I have got no idea what the article is talking about.
Janp@xyz.co.uk was one of the several test users I tried to check if I can extract the emails.
If you are saying that there are some special characters in Janp's folders, does that mean all the users I have tried so far have got these special characters in their folders?
Although I appreciate your response, I will be thankful if you can explain in detail how to go about it.
Furthermore I have checked the folders in the Inbox of JanP and there are no such special characters.
To prove this, I have created a brand new account, namely masync; it has no emails or no folders. I have used this very account and given full permission to this account on the edb. Even for this account the credentials cannot be verified and I am still getting the same error. """



FINALLY,
Turned out that the GFI application uses the /exchange virtual directory and not /owa to access the mailbox database. I assume /exchange is not there by default, so I had to create it. Now everything is working.
I can't believe those freaks wasted so much of our time by guiding us in the wrong direction (permission issue). Anyway, I am awarding you the points because you have been helpful.
Thanks!