Solved

Users cannot send emails anymore.....only domain admins can !!

Posted on 2007-11-20
8
923 Views
Last Modified: 2012-08-14
Hi all, well we have 2 exchange 2003 servers (back end/front end) and a mail filter appliance from ISS, everything was working fine till 3 days back, users cannot send any message, they can receive though.....whenever they try to send any message they get a bounced email saying the following:

The following recipient(s) cannot be reached:

      <mailbox name> on 11/21/2007 9:14 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            MSEXCH:MSExchangeIS:/DC=xxx/DC=xxx/DC=xxxxx:<Back end server name>

Tried to add any user who faces this issue to the domain admins group, guess what? he can send email without any problems and that bounced email doesn't exist!!!
Last thing happened before that issue occured, was deploying a WSUS server that updated the exchange server with latest updates ( few security updates and exchange updates ) were added....If it is a microsoft patch that caused that problem, which one is it??? if it is something else that has to do with permissions and security, what can it be???

Please assist as soon as possible since its a very sensitive issue.



 
0
Comment
Question by:AMFOP
8 Comments
 
LVL 13

Expert Comment

by:vishal_breed
Comment Utility
Can you name us the patches were installed by WSUS on Exchange servers. According to me it must be similiar to "Send As" patch which was released in June 2006.
0
 

Author Comment

by:AMFOP
Comment Utility
ok last patches were:
as Exchange patches:
KB924334
KB926666
KB916803
KB931832
KB912442

as Win2k3 server patches:
KB933729
KB933360
KB941202
KB925876

Whats that send as patch ? what happens when it is applied ???
0
 
LVL 1

Expert Comment

by:kbitguru
Comment Utility
Hi AMFOP,
Did you check Authentication on your Default SMTP vitual server? You should allow mail relay to all authenticated users.

-kbITguru
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
I am not aware of any patches that would cause this problem, unless your security settings were mangled before and have now been corrected.

If you create a new user, does the problem continue?
Is this all email - internal between users and external? Does the problem follow to OWA?

Simon.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 13

Expert Comment

by:vishal_breed
Comment Utility
One of the installed Exchange Pack is - KB 926666 (Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2)

This update requires following patches to keep version of store.exe @ certain level.

KB 916803 - MS06-019: Vulnerability in Microsoft Exchange Server could allow remote code execution
KB912442 - MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access

Kinldy check http://support.microsoft.com/kb/912918/ for same.




0
 

Author Comment

by:AMFOP
Comment Utility
ok , kbitguru the relay to all authenticated users is set and everything was working properly....Sembee, i created a new user in AD and gave him access right to a certain mailbox (full access) but same action occurred, and yes its NOT sending emails neither internally (between users) nor externally, but when on OWA i can send emails normally when i use the mailbox itself as login ( abc@xyz.org).....

well vishal_breed, i've reed that article and what i understood from it that if the user intending to send an email on behalf of a certain mailbox and he had full access permission on it, after installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too....please correct me if am mistaking......Anyhow,  will try that and see if it works and come back to you.....Thank you all for your responses.
0
 
LVL 13

Accepted Solution

by:
vishal_breed earned 500 total points
Comment Utility
Q. After installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too!!

Ans. Correct.

Explaination:
This patch was released by MS in June 2006 as most of the customers raised the issue; when full mailbox permission is assigned; Administrators can access any mailbox & can send email as CEO or as any person in the organization (considered as security threats).

But after installing this patch - BlackBerry kind of services hampered as BlackBerry account has Send As permission assigned on mailboxes of BlackBerry Users.

You can use script mentioned in
http://support.microsoft.com/kb/912918

Or follow
http://msexchangeteam.com/archive/2006/04/28/426707.aspx (Check the comments posted by various users after reading the articles. Follow any suitable method mentioned in Comments)
0
 

Author Comment

by:AMFOP
Comment Utility
Well Vishal_breed, you answered my question and guided me very well to solve the issue that i had no clue about and was a hectic one for the past 4 days :):)....you deserve all the points so bon appetite :):):)......thanks to everyone else who contributed and tried to help.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now