mojopojo
asked on
E-mail between users inside domain bounced - meeting requests attached.
I am running am Small Business Server 2003 w/Exchange 2003 – all service packs and updates applied. My users run Win XP Pro w/ Office 2003.
Most everything runs very well with one exception. I have users who continually receive the following error when sending certain e-mail to other users within the network.
I have users receiving this internally:
Subject: Undeliverable: Video Webinar
Your message
To: Bridget Rutherford
Subject: Video Webinar
Sent: Tue, 31 Oct 2006 09:12:16 -0600
did not reach the following recipient(s):
Bridget Rutherford on Tue, 31 Oct 2006 09:12:33 -0600
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<ourdomain.org #5.7.1>
It is not all e-mail between these two (and other) users. All users have AD accounts on the server and the origin/destination are both in my Exchange Server. So this should not be a result of SPAM protection.
These users frequently -- almost always -- get this returned message when sending meeting requests through outlook to other users in our domain.
Most of the posts I have seen dealing with this deal with rejected mail send to another domain/outside destination. What puzzles me is that my issue is entirely internal.
What is it about these meeting requests (attachments) that sets this off?
Is this a "fresh" installation of SBS or was it upgraded/migrated from a previous SBS instance?
Have you set any mail size restriction, mailbox size restriction in your exchange server? Check whether the users exceeded the storage limits..
ASKER
This was a fresh install of SBS 2003. Although I did not preform the instaltion (happened before I took the network) I have not found much else wrong - in terms of configurations. Although it has been relocated once in the past year with a new Isp and IP address.
No size limits set on the mailboxes that would effect this e-mail (receiver has used .5GB of 2GB limit) and the atachment in question is never more than 8KB.
They can send larger atachments with no trouble, but the e-mail with meeting requests from Outlook all bounce.
I'll go ahead and tet the send with other file-type atachments today, but I have had no reports of anyhting else causing this issue.
No size limits set on the mailboxes that would effect this e-mail (receiver has used .5GB of 2GB limit) and the atachment in question is never more than 8KB.
They can send larger atachments with no trouble, but the e-mail with meeting requests from Outlook all bounce.
I'll go ahead and tet the send with other file-type atachments today, but I have had no reports of anyhting else causing this issue.
ASKER
Just verified: this issue only occurs with meeting requests sent to certain uses within the domain. I am trying to isolate any commonality amount those addresses that is different than the others.
There are about 85 users in the domain and this is only occurring with mail sent to about 8 of them. But many are not included in any meeting requests. I'll create a group request sent to everyone in the domain and see how many users total get bounced.
There are about 85 users in the domain and this is only occurring with mail sent to about 8 of them. But many are not included in any meeting requests. I'll create a group request sent to everyone in the domain and see how many users total get bounced.
Can we turn up logging in Exchange System Manager to capture some more info? In ESM, highlight the server name, hit properties, then Diagnostics Logging, and highlight MSExchangeIS then Mailbox. Here are the categories I would recommend setting logging to maximum: Transport General, General, Transport Sending, Transport Delivering, Access Control, Send on Behalf of, Send As, Storage Limits, and IS/AD Synchronization. What we want to look for are warning/error events in the application event log, which should give us some more information than just the NDR's.
ASKER
Making the log settings change now...
I'll post the results when I test a fresh send with the meeting attachment.
I'll post the results when I test a fresh send with the meeting attachment.
ASKER
So far, after setting up the advanced Exchange logging I have only found one item in the Event Viewer, Application log that corresponds to a bounced e-mail containing the meeting request from Outlook:
Event Type: Warning
Event Source: MSExchangeIS Mailbox Store
Event Category: Access Control
Event ID: 1029
Date: 11/7/2006
Time: 12:54:58 PM
User: N/A
Computer: OURSERVER
Description:
DELEGATED_USERNAME@OURDOMA IN.com failed an operation because the user did not have the following access rights:
'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'
The distinguished name of the owning mailbox is /O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USE RNAME. The folder ID is in the data section of this event.
For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 01 00 00 00 00 00 56 32 ......V2
Notice: In the "Description" the user name is not the senders, but another user who has delegated access to the sender’s mailbox.
In the line, "The distinguished name of the owning mailbox is..." the value for "CN=" was the correct senders name, not the delegate’s.
The user with delegated access is the principle’s assistant, and was not a recipient of the bounced e-mail. This was also NOT sent from that account. It was send by the account-holder from his Outlook installation, from his PC. I do not know why this delegated account has shown up in the event log during this transaction.
So far this is all I can find in the log pertaining to the failed transaction – log was created the exact second the message was bounced.
Is it possible that the delegation of the account to another user has caused this issue?
Event Type: Warning
Event Source: MSExchangeIS Mailbox Store
Event Category: Access Control
Event ID: 1029
Date: 11/7/2006
Time: 12:54:58 PM
User: N/A
Computer: OURSERVER
Description:
DELEGATED_USERNAME@OURDOMA
'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'
The distinguished name of the owning mailbox is /O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USE
For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 01 00 00 00 00 00 56 32 ......V2
Notice: In the "Description" the user name is not the senders, but another user who has delegated access to the sender’s mailbox.
In the line, "The distinguished name of the owning mailbox is..." the value for "CN=" was the correct senders name, not the delegate’s.
The user with delegated access is the principle’s assistant, and was not a recipient of the bounced e-mail. This was also NOT sent from that account. It was send by the account-holder from his Outlook installation, from his PC. I do not know why this delegated account has shown up in the event log during this transaction.
So far this is all I can find in the log pertaining to the failed transaction – log was created the exact second the message was bounced.
Is it possible that the delegation of the account to another user has caused this issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I extended the Delegate user rights to Full and that seems to have solved. If I were not in a position to allow that solution (if the delegate was not trusted or a personal assistant) I would have had to call MS for the hot-fix. I may still have to as the domain has other delegate users whose rights I cannot extend for security reasons. Besides, I would like Exchange/Outlook to work as it should.
I went with the quick-&-dirty fix for now.
Thanks everyone.
lollygagr, you got it.
Thanks again.
I went with the quick-&-dirty fix for now.
Thanks everyone.
lollygagr, you got it.
Thanks again.