?
Solved

E-mail between users inside domain bounced - meeting requests attached.

Posted on 2006-11-06
9
Medium Priority
?
673 Views
Last Modified: 2012-05-05

I am running am Small Business Server 2003 w/Exchange 2003 – all service packs and updates applied. My users run Win XP Pro w/ Office 2003.

Most everything runs very well with one exception. I have users who continually receive the following error when sending certain e-mail to other users within the network.

I have users receiving this internally:


Subject: Undeliverable: Video Webinar

Your message

  To:      Bridget Rutherford
  Subject: Video Webinar
  Sent:    Tue, 31 Oct 2006 09:12:16 -0600

did not reach the following recipient(s):

Bridget Rutherford on Tue, 31 Oct 2006 09:12:33 -0600
    You do not have permission to send to this recipient.  For assistance, contact your system administrator.
    <ourdomain.org #5.7.1>


It is not all e-mail between these two (and other) users. All users have AD accounts on the server and the origin/destination are both in my Exchange Server. So this should not be a result of SPAM protection.

These users frequently -- almost always -- get this returned message when sending meeting requests through outlook to other users in our domain.

Most of the posts I have seen dealing with this deal with rejected mail send to another domain/outside destination. What puzzles me is that my issue is entirely internal.

What is it about these meeting requests (attachments) that sets this off?
0
Comment
Question by:mojopojo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 5

Expert Comment

by:lollygagr
ID: 17888827
Is this a "fresh" installation of SBS or was it upgraded/migrated from a previous SBS instance?
0
 
LVL 5

Expert Comment

by:cjtraman
ID: 17889222
Have you set any mail size restriction, mailbox size restriction in your exchange server? Check whether the users exceeded the storage limits..
0
 
LVL 3

Author Comment

by:mojopojo
ID: 17889426
This was a fresh install of SBS 2003. Although I did not preform the instaltion (happened before I took the network) I have not found much else wrong - in terms of configurations. Although it has been relocated once in the past year with a new Isp and IP address.

No size limits set on the mailboxes that would effect this e-mail (receiver has used .5GB of 2GB limit) and the atachment in question is never more than 8KB.
They can send larger atachments with no trouble, but the e-mail with meeting requests from Outlook all bounce.

I'll go ahead and tet the send with other file-type atachments today, but I have had no reports of anyhting else causing this issue.





0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Author Comment

by:mojopojo
ID: 17890471
Just verified: this issue only occurs with meeting requests sent to certain uses within the domain. I am trying to isolate any commonality amount those addresses that is different than the others.

There are about 85 users in the domain and this is only occurring with mail sent to about 8 of them. But many are not included in any meeting requests. I'll create a group request sent to everyone in the domain and see how many users total get bounced.

 
0
 
LVL 5

Expert Comment

by:lollygagr
ID: 17890479
Can we turn up logging in Exchange System Manager to capture some more info?  In ESM, highlight the server name, hit properties, then Diagnostics Logging, and highlight MSExchangeIS then Mailbox.  Here are the categories I would recommend setting logging to maximum: Transport General, General, Transport Sending, Transport Delivering, Access Control, Send on Behalf of, Send As, Storage Limits, and IS/AD Synchronization.  What we want to look for are warning/error events in the application event log, which should give us some more information than just the NDR's.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 17890572
Making the log settings change now...

I'll post the results when I test a fresh send with the meeting attachment.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 17899639
So far, after setting up the advanced Exchange logging I have only found one item in the Event Viewer, Application log that corresponds to a bounced e-mail containing the meeting request from Outlook:

Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      Access Control
Event ID:      1029
Date:            11/7/2006
Time:            12:54:58 PM
User:            N/A
Computer:      OURSERVER
Description:
DELEGATED_USERNAME@OURDOMAIN.com failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USERNAME. The folder ID is in the data section of this event.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 01 00 00 00 00 00 56 32   ......V2


Notice: In the "Description" the user name is not the senders, but another user who has delegated access to the sender’s mailbox.
In the line, "The distinguished name of the owning mailbox is..." the value for "CN=" was the correct senders name, not the delegate’s.

The user with delegated access is the principle’s assistant, and was not a recipient of the bounced e-mail. This was also NOT sent from that account. It was send by the account-holder from his Outlook installation, from his PC. I do not know why this delegated account has shown up in the event log during this transaction.

So far this is all I can find in the log pertaining to the failed transaction – log was created the exact second the message was bounced.

Is it possible that the delegation of the account to another user has caused this issue?

0
 
LVL 5

Accepted Solution

by:
lollygagr earned 2000 total points
ID: 17905915
Yes - in fact when you have squirrely "you do not have permission to send" rights between internal users it's usually a delegate issue.  I was kind of expecting something similar when you turned up the logging, as I have had other delegate issues (for instance, with delegates and rules when in cached mode).  Sometimes these issues can require a hotfix that's only available from Microsoft Product Support Services (as in my case).  

Here's what I'd try first, in case the problem is "corrupted" delegates.   Try having the affected users remove the problem delegates, wait about 15-20 minutes, then you test meeting invites to them and see if the issue still occurs.  If it doesn't, then the users can try adding the delegates back in and testing again.  If the problem persists, this may be one of those issues requiring a non-public hotfix.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 17940274
I extended the Delegate user rights to Full and that seems to have solved. If I were not in a position to allow that solution (if the delegate was not trusted or a personal assistant) I would have had to call MS for the hot-fix. I may still have to as the domain has other delegate users whose rights I cannot extend for security reasons. Besides, I would like Exchange/Outlook to work as it should.

I went with the quick-&-dirty fix for now.

Thanks everyone.

lollygagr, you got it.

Thanks again.

0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question