Solved

E-mail between users inside domain bounced - meeting requests attached.

Posted on 2006-11-06
Last Modified: 2012-05-05

I am running a Small Business Server 2003 w/Exchange 2003 – all service packs and updates applied. My users run Win XP Pro w/ Office 2003.

Most everything runs very well with one exception. I have users who continually receive the following error when sending certain e-mail to other users within the network.

I have users receiving this internally:


Subject: Undeliverable: Video Webinar

Your message

  To:      Bridget Rutherford
  Subject: Video Webinar
  Sent:    Tue, 31 Oct 2006 09:12:16 -0600

did not reach the following recipient(s):

Bridget Rutherford on Tue, 31 Oct 2006 09:12:33 -0600
    You do not have permission to send to this recipient.  For assistance, contact your system administrator.
    <ourdomain.org #5.7.1>


It is not all e-mail between these two (and other) users. All users have AD accounts on the server and the origin/destination are both in my Exchange Server. So this should not be a result of SPAM protection.

These users frequently -- almost always -- get this returned message when sending meeting requests through Outlook to other users in our domain.

Most of the posts I have seen dealing with this deal with rejected mail sent to another domain/outside destination. What puzzles me is that my issue is entirely internal.

What is it about these meeting requests (attachments) that sets this off?
Question by:mojopojo
 
LVL 5

Expert Comment

by:lollygagr
Is this a "fresh" installation of SBS or was it upgraded/migrated from a previous SBS instance?
 
LVL 5

Expert Comment

by:cjtraman
Have you set any mail size restriction or mailbox size restriction in your Exchange server? Check whether the users exceeded the storage limits.
 
LVL 3

Author Comment

by:mojopojo
This was a fresh install of SBS 2003. Although I did not perform the installation (happened before I took the network) I have not found much else wrong - in terms of configurations. Although it has been relocated once in the past year with a new ISP and IP address.

No size limits set on the mailboxes that would affect this e-mail (receiver has used .5GB of 2GB limit) and the attachment in question is never more than 8KB.
They can send larger attachments with no trouble, but the e-mail with meeting requests from Outlook all bounce.

I'll go ahead and test the send with other file-type attachments today, but I have had no reports of anything else causing this issue.
 
LVL 3

Author Comment

by:mojopojo
Just verified: this issue only occurs with meeting requests sent to certain users within the domain. I am trying to isolate any commonality among those addresses that is different than the others.

There are about 85 users in the domain and this is only occurring with mail sent to about 8 of them. But many are not included in any meeting requests. I'll create a group request sent to everyone in the domain and see how many users total get bounced.

 

 
LVL 5

Expert Comment

by:lollygagr
Can we turn up logging in Exchange System Manager to capture some more info?  In ESM, highlight the server name, hit properties, then Diagnostics Logging, and highlight MSExchangeIS then Mailbox.  Here are the categories I would recommend setting logging to maximum: Transport General, General, Transport Sending, Transport Delivering, Access Control, Send on Behalf of, Send As, Storage Limits, and IS/AD Synchronization.  What we want to look for are warning/error events in the application event log, which should give us some more information than just the NDRs.
 
LVL 3

Author Comment

by:mojopojo
Making the log settings change now...

I'll post the results when I test a fresh send with the meeting attachment.
 
LVL 3

Author Comment

by:mojopojo
So far, after setting up the advanced Exchange logging I have only found one item in the Event Viewer, Application log that corresponds to a bounced e-mail containing the meeting request from Outlook:

Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      Access Control
Event ID:      1029
Date:            11/7/2006
Time:            12:54:58 PM
User:            N/A
Computer:      OURSERVER
Description:
DELEGATED_USERNAME@OURDOMAIN.com failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USERNAME. The folder ID is in the data section of this event.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 01 00 00 00 00 00 56 32   ......V2


Notice: In the "Description" the user name is not the sender's, but another user who has delegated access to the sender’s mailbox.
In the line, "The distinguished name of the owning mailbox is..." the value for "CN=" was the correct sender's name, not the delegate’s.

The user with delegated access is the principal’s assistant, and was not a recipient of the bounced e-mail. This was also NOT sent from that account. It was sent by the account-holder from his Outlook installation, from his PC. I do not know why this delegated account has shown up in the event log during this transaction.

So far this is all I can find in the log pertaining to the failed transaction – log was created the exact second the message was bounced.

Is it possible that the delegation of the account to another user has caused this issue?

 
LVL 5

Accepted Solution

by:
lollygagr earned 500 total points
Yes - in fact when you have squirrely "you do not have permission to send" rights between internal users it's usually a delegate issue.  I was kind of expecting something similar when you turned up the logging, as I have had other delegate issues (for instance, with delegates and rules when in cached mode).  Sometimes these issues can require a hotfix that's only available from Microsoft Product Support Services (as in my case).  

Here's what I'd try first, in case the problem is "corrupted" delegates.   Try having the affected users remove the problem delegates, wait about 15-20 minutes, then you test meeting invites to them and see if the issue still occurs.  If it doesn't, then the users can try adding the delegates back in and testing again.  If the problem persists, this may be one of those issues requiring a non-public hotfix.
 
LVL 3

Author Comment

by:mojopojo
I extended the Delegate user rights to Full and that seems to have solved it. If I were not in a position to allow that solution (if the delegate was not trusted or a personal assistant) I would have had to call MS for the hot-fix. I may still have to as the domain has other delegate users whose rights I cannot extend for security reasons. Besides, I would like Exchange/Outlook to work as it should.

I went with the quick-&-dirty fix for now.

Thanks everyone.

lollygagr, you got it.

Thanks again.
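
An added example, not part of the original thread: a small Python parser for the Event ID 1029 description text quoted above, which lists the accounts that were denied rights on someone else's mailbox so the delegates to remove and re-test can be picked out of an exported Application log. The sample events and the names in them are constructed, and matching the mailbox CN against the local part of the address is an assumption.

```python
import re
from collections import defaultdict

# Patterns follow the Event ID 1029 description layout quoted in the thread.
ACTOR_RE = re.compile(r"^(\S+@\S+) failed an operation because the user did "
                      r"not have the following access rights:", re.M)
OWNER_RE = re.compile(r"owning mailbox is /.*/CN=([^/]+?)\. The folder ID")
RIGHT_RE = re.compile(r"'([^']+)'")

def parse_1029(description):
    """Return (actor, mailbox_cn, rights) for one description, else None."""
    actor, owner = ACTOR_RE.search(description), OWNER_RE.search(description)
    if not (actor and owner):
        return None
    rights = RIGHT_RE.findall(description[actor.end():owner.start()])
    return actor.group(1).lower(), owner.group(1).lower(), rights

def delegate_denials(descriptions):
    """Map (actor, mailbox_cn) -> sorted missing rights for events where the
    denied account is not the mailbox owner. Assumption: the mailbox CN equals
    the local part of the owner's address."""
    found = defaultdict(set)
    for text in descriptions:
        parsed = parse_1029(text)
        if parsed and parsed[0].split("@", 1)[0] != parsed[1]:
            found[parsed[:2]].update(parsed[2])
    return {pair: sorted(rights) for pair, rights in found.items()}

def _sample(actor, cn, rights):
    # Constructed text in the same layout as the event posted in the thread.
    return (f"{actor} failed an operation because the user did not have the "
            f"following access rights:\n\n{' '.join(repr(r) for r in rights)}\n\n"
            "The distinguished name of the owning mailbox is /O=FIRST "
            "ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/"
            f"CN={cn}. The folder ID is in the data section of this event.")

# Constructed sample data; the account and mailbox names are placeholders.
SAMPLE_EVENTS = [
    _sample("assistant@example.org", "DIRECTOR",
            ["Delete", "Read Property", "Create Message"]),
    _sample("assistant@example.org", "DIRECTOR", ["Write Property", "Delete"]),
    _sample("director@example.org", "DIRECTOR", ["View Item"]),  # owner itself
    "Unrelated warning text that is not a 1029 description.",
]

if __name__ == "__main__":
    for (actor, mailbox), rights in delegate_denials(SAMPLE_EVENTS).items():
        print(f"{actor} denied on mailbox {mailbox}: {', '.join(rights)}")
```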
