davebrock
asked on
Mailbox Permissions in Exchange 5.5
I have a small Exchange 5.5 environment - single site, single server. I'm trying to give User_A the ability to open User_B's mailbox from Outlook (98 and 2000). Using Exchange Administrator, I've added User_A to the Permissions for User_B's mailbox with a "User" role. I've also configured the Exchange service in User_A's mail profile to open an additional mailbox (i.e. User_B).
When User_A starts Outlook, either 98 or 2000, the mailbox for User_B is listed in the folder view but when clicking on it or trying to expand it, Outlook says "Unable to display folder".
The real puzzling part is that if I wait long enough - I haven't timed it yet but it is at least 1/2 hr - User_A will eventually be able to open the additional mailbox. Same thing in reverse - Once User_A has access to User_B's mailbox, removing User_A from the permissions list will take a while to go into effect.
I've tried restarting Outlook, restarting the workstation etc. The network this is running on is sound and Exchange appears to be operating normal in all other respects.
Environment:
NT Domain
NT 4 SP6a
Exchange 5.5 SP4
Outlook 98 / 2000
Thanks for you help,
Dave
When User_A starts Outlook, either 98 or 2000, the mailbox for User_B is listed in the folder view but when clicking on it or trying to expand it, Outlook says "Unable to display folder".
The real puzzling part is that if I wait long enough - I haven't timed it yet but it is at least 1/2 hr - User_A will eventually be able to open the additional mailbox. Same thing in reverse - Once User_A has access to User_B's mailbox, removing User_A from the permissions list will take a while to go into effect.
I've tried restarting Outlook, restarting the workstation etc. The network this is running on is sound and Exchange appears to be operating normal in all other respects.
Environment:
NT Domain
NT 4 SP6a
Exchange 5.5 SP4
Outlook 98 / 2000
Thanks for you help,
Dave
ASKER
I do have a DNS entry for the server. It doesn't appear to be a communication problem as response from the server in all other respects is OK. I ran an RPING test to be sure. Communication between client and server is OK.
To test DNS resoluction go to command prompt and...
ping yourserver.yourdomain.com
This test bypasses WINS resolution and verifies that DNS is functioning for you.
"responding in all other respects" might be that the server is responding fine when the name is resolved through WINS.
Outlook is one of the very few applications that uses DNS before WINS in its name resolution. When you are using any other tool to get some kind of response from the server you are almost always resolving the name with WINS--therefore Outlook is the first place that "broken" DNS resolution shows up.
ping yourserver.yourdomain.com
This test bypasses WINS resolution and verifies that DNS is functioning for you.
"responding in all other respects" might be that the server is responding fine when the name is resolved through WINS.
Outlook is one of the very few applications that uses DNS before WINS in its name resolution. When you are using any other tool to get some kind of response from the server you are almost always resolving the name with WINS--therefore Outlook is the first place that "broken" DNS resolution shows up.
You need to give permissions to the mailbox from User_B's Outlook Today as well as to the folders.
Doesn't sound like permissions...
***** Quote **************
...if I wait long enough - I haven't timed it yet but it is at least 1/2 hr - User_A will eventually be able to open the additional mailbox...
***** Quote **************
***** Quote **************
...if I wait long enough - I haven't timed it yet but it is at least 1/2 hr - User_A will eventually be able to open the additional mailbox...
***** Quote **************
ASKER
Ping myserver.mydomain.com works fine. Outlook works fine in reading the user's primary mailbox, sending/receiving mail, etc. What's troubling is that I set permissions for additional mailboxes at the server that don't immediately take effect at the client.
I think that what you are trying to use is Delegation. To do this, go to the Tools menu in Outlook, and select Options. Then click on the Delegates tab. This will allow you to add users that will be allowed to see specific folders (i.e. Inbox, Tasks, etc...)from the user's mailbox. To view these folders from another client, select File > Open > Other User's Folder from the client who will be viewing the other user's Exchange information. You then be prompted for the username and folder that you would like to see. After you connect, it will be listed along with the other folders.
I have run into this before. Go into User_B's outlook. Right-Click over the "Outlook Today..." folder and choose "properties". Click on the "permissions" tab. Click "Add" to add User_A. Give User_A the User role. Click "OK" and close the "Properties" box. Next, right-click over User_B's "Inbox" folder and repeat the above process. This fixes the issue for me.
I find about a 10 minute delay sometimes when do same thing with Exchange 2000. Guess it considers updating permissions to be less important than delivering mail and leaves it to a lazy background process.
ASKER
I am aware of the other methods (delegation and folder permissions) of giving a user access to another user's folders. The method I am talking about is a documented method to give one user access to another user's entire mailbox. I would think that Exchange would give a high priority to mailbox permissions as this controls data security, so the fact that it takes so long for the permissions to go into effect concerns me. Is something Microsoft put in by design?...I hope not. Thanks for all the input so far...
Dave
Dave
ASKER
I am aware of the other methods (delegation and folder permissions) of giving a user access to another user's folders. The method I am talking about is a documented method to give one user access to another user's entire mailbox. I would think that Exchange would give a high priority to mailbox permissions as this controls data security, so the fact that it takes so long for the permissions to go into effect concerns me. Is something Microsoft put in by design?...I hope not. Thanks for all the input so far...
Dave
Dave
ASKER
Sorry about the duplicate comment...got an internal server error when trying to post.
davebrock,
Couple more questions...
Have you rebooted the Exchange server?
What is your setting for IS Maintenance? (In Exchange Administrator drill down to "Servers", select your server by name and get properties for it. IS Maintenance is one of the tabs).
IS Maint. is the process that updates individual mailboxes with current info-- such as...Is the mailbox over it's mail limit? Have new delegates been added?, It measures the actual size of mailboxes... lots of other stuff. If your setting is not set to always try setting it to always and see if that has any effect.
Couple more questions...
Have you rebooted the Exchange server?
What is your setting for IS Maintenance? (In Exchange Administrator drill down to "Servers", select your server by name and get properties for it. IS Maintenance is one of the tabs).
IS Maint. is the process that updates individual mailboxes with current info-- such as...Is the mailbox over it's mail limit? Have new delegates been added?, It measures the actual size of mailboxes... lots of other stuff. If your setting is not set to always try setting it to always and see if that has any effect.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What's that Q number? That's a good one.
I'm wondering if that's been affected by any of the many service packs on 5.5.
I'm wondering if that's been affected by any of the many service packs on 5.5.
ASKER
That looks promising...I'll try it next time I'm on-site.
Check the IS Maintenance settings too. That can have a significant impact it it's not "maintaining" often enough.
ASKER
Thanks exchadm! That seems to be the solution. The article number is Q179065.
You either need a DNS entry for your Exchange server or an entry for your Exchange server in each client's HOSTS file.
Or you can change the binding order on the clients.
Many client systems have multiple protocols installed, and Exchange will attempt to communicate over each available protocol in sequence until a connection is established. By altering the default order in which RPC tries these protocols to match the protocols as they're used on your network, you can significantly increase an Exchange client's access speed. Although this doesn't technically increase the performance of your Exchange Server, it can increase the system performance from the user's perspective.
To make these changes, you have to dive into the Windows Registry (or the Exchange.ini file if you're using Win-dows 3.x-based clients), but this change isn't too difficult. Back up your system files and stick to the changes I'll describe, and you'll do just fine.
First, open the Registry Editor and find the key: HKEY_LOCAL_MACHINE\ Software\Microsoft\Exchang
1. Local RPC (ncalrpc)
2. TCP/IP (ncacn_ip_tcp)
3. IPX/SPX (ncacn_spx)
4. Named Pipes (ncacn_np)
5. NetBIOS (netbios)
6. Banyan Vines IP (ncacn_vns_spp)
In Windows 3.x, you must modify the Rpc_Binding_Order entry in the Exchange.ini file on the client, because Windows 3.x doesn't use a Registry. The format and protocol synonyms used are the same as in Windows 95/98 and NT. Windows 3.x-based clients use this default connection order:
1. Named Pipes
2. IPX/SPX
3. TCP/IP
4. NetBIOS
5. Banyan Vines IP