GAL, attachments et.al.
Posted on 2004-10-20
I have just subscribed to this group and I am having problems which I haven’t been able to solve. I've tried looking on Microsoft's troubleshooting and IT help etc. and I have 4 books and I'm getting no answers.
MY SETUP: I am running win 2000 server (MAIN), win 2000 server (POSTOFFICE) with Exhange Server 2000, and clients have Outlook 2002.
• Clients can send and receive email, but when they (workstations) try to attach a Word doc, the message pops up from Word “Unable to complete the operation. A fatal error has occurred in Outlook.” No event log errors show up in workstation computer nor main DC server nor exchange server. When they send an attachment as a .jpg file, it works no problem.
• The Global Address List is listed in the clients’ Outlook, but it’s empty. The admin can see it filled.
• On the client computer, I am getting an error “Source: USERENV, Category: None, Type: error, Event ID: 1000, User: NT AUTHORITY\SYSTEM, Computer: Actual_Name, Description: Windows cannot determine the user or computer name. Return value (1317)”.
• I created a new user so I could log on as the user at my workstation and check to see what is working or not.
When I try to setup an Outlook account, it says that the user name is not listed. That used to work too.
WHAT STARTED ALL THIS:
I set up Outlook Web Access, so that people could access their email from the internet when they were out of office. It required that I use Outlook Today mailboxes—the Exchange mailboxes on the server.
I discovered that, within our network, by using Outlook:File:Other users folders: all the staff's email was unprotected and readable.
I deleted some users, e.g. Authorized Users and Anonymous Users in the Exchsrvr directory. That’s when it all started. Unfortunately, I did not document the exact changes I made. I restored the two users I just mentioned, but it still doesn’t work. I don’t think I changed anything on the M drive, probably couldn’t.
I have not been able to find any info on who should have security access to what directories. Does anyone know what permissions a network client needs to access GAL and have other functions work properly?
Authorized Users group ?? with read and write ?? is that sufficient or necessary ?? Is Anonymous necessary ??
WHAT I’VE ALREADY TRIED:
* I believe I solved the unprotected email problem. The DC exchange group is “Exchange Enterprise Servers”, and there was Domain Users group in there. That may have been the security problem. I deleted it and it seems to have stopped the leak. But the other problems remain.
* I also used adsiedit to ensure authorized users have permissions to open Global Address List.
* In exchange System Mgr, in the properties for the GAL, authorized users and anonymous do have Open Address List checked and there are no denies anywhere.
* I did a restore of System State on both servers, and I reconfigured both servers to the “basicsv” and “basicdc” templates, but no change.
* I completely re-installed Exchange Server 2000 and all the updates to Sp4, but no change.
* When I try to set up Active Director Connector, I get an error “No mapping between account names and security IDs was done, Facility: Win32, Id no: c0070534, Microsoft Active Directory Connector Setup”.
My gut feeling is that this is a permissions problem, but where and what, I have not found. Any help I will greatly appreciate.