• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1158
  • Last Modified:

Strange Permission issues with cfexchangeconnection

I've been trying to connect to MS Exchange 2003 server version 6.5.7638.1 using cfexchangeconnection on ColdFusion Enterprise version 8,0,1,195765 on a Windows 2003 server. I've tried 5 different logins within the company. Three logins have worked fine, and 2 logins won't work at all. On the logins that don't work, I get one of the following messages:

Cannot access Exchange server as a web application at [exchange server name].
Ensure that the Exchange web application is configured in IIS and Web Service Extension for the Exchange server is allowed

Could not log in to the Exchange server.
Verify server name, username, and password.

The code I've used (which worked fine for 3 out of 5 logins) is:

<cfexchangeconnection action="open" connection="myExchangeConnection" server="[servername]" username="[username]" password="[password]"/>

The network admin has matched the permissions from the working logins to the non-working ones, and it doesn't help. Though occasionally the message will change from the "cannot access" to "could not log in."

Has anyone else had this problem? Is there anyone with expertise about what happens under the hood with permissions when cfexchangeconnection tries to connect to exchange?

1 Solution
The only thing I can think of would be that "Outlook Web Access" hasn't been allowed for the two users you're having trouble with.
LilyGEAuthor Commented:
Thanks for the suggestion, but no - all the logins have Outlook Web Access. We also went through Active Directory and mirrored permissions from a working account to a non-working account. That didn't help either. The network admin then thought that perhaps it had something to do with Sharepoint, (since that was the only visible difference between the working and non-working accounts) so we made the Sharepoint settings match. Didn't help. I'm just hoping that someone out there has had the exact same thing happen and figured out what obscure setting is causing the problem!
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LilyGEAuthor Commented:
Very nice long thread, but ultimately not helpful:

The first part of the thread dealt with a bug in Exchange 2007, but we are using Exchange 2003.

A bit farther down, other folks were getting the same error as me, and the solution was to apply a hotfix. I've already applied the cumulative hotfix for CF 8 to fix some CFImage tag problems. So I don't see how that could be it either.
LilyGEAuthor Commented:
Another strange permutation is that for the logins which generate this error:

Cannot access Exchange server as a web application at [exchange server name].Ensure that the Exchange web application is configured in IIS and Web Service Extension for the Exchange server is allowed

If I change their password to an incorrect value, the resulting error message changes to:

Access to the Exchange server denied.Ensure that the user name and password are correct.

So it appears that the login is making it through security, and then throwing the following exception:


Hi, just curious if you have found a solution for this. I am experiencing the exact same issue right now ?
LilyGEAuthor Commented:
I've got an open ticket with Adobe on this. (I actually haven't heard back from them in a week. I need to rattle that tree again.) They said they were flummoxed. If I hear anything, I'll definitely post the solution here.

May I ask if you have any of the following parameters?

Did you upgrade from Exchange 5.5 to 2003 directly?
Are your non-working accounts potentially from the Exchange 5.5 era?

Lily we were on exchange 2007 and Windows 2008.

The solution we found was that we had to add the MailBox attributes, as the domain of the logon was different from the mail box created for me.

I think this will do the job. For the rest the exchange tags are working well for me in CF I must admit.

LilyGEAuthor Commented:
Adobe Support were stumped on our particular problem. We have been unable to get the pivotal emails to be accessible to cfexchangeconnection - some sort of permissions problem. It could be a result of the emails being created in Exchange 5.5 and upgraded to 2003... or not. Who knows.

The solution we are implementing is to create new email objects, and transfer the non-working ones to the new email objects. Fortunately, it is only a few email addresses that we need to be able to access via ColdFusion, so this is not an onerous solution.

A partial solution to some of our non-working emails was to add the mailbox attribute, so I will award the points to hanno62.
LilyGEAuthor Commented:
This solution (adding the mailbox attribute) worked for some of our non-working email accounts. Other accounts nothing worked for, so we are creating new email objects and transferring the old and inaccessible emails to the new objects.
LilyGEAuthor Commented:
Comment on the solution we tried:

So we created new accounts for the email addresses we wanted to be able to access with cfexchangeconnection. The first new email we created worked perfectly, whether calling that object directly, or via the mailbox attribute using the administrator login. The second and third email addresses were created in the same way with the same parameters and settings... and didn't work. Access denied. So we *copied* the one working email address - the first one we created. That finally did the trick - partially. One of the final two email addresses was accessible directly, and using the mailbox attribute, and the other was only accessible using the mailbox attribute. We decided that was good enough.

We still have no idea why some of the accounts we have in exchange are accessible via cfexchangeconnection, and some are not. The account that worked and that we copied to create new accounts should be identical, but we had problems with those as well.
LilyGEAuthor Commented:
Author Note: I've had to abandon the cfexchange tag completely due to more bugs with UID formats and being able to actually delete emails from the server when the emails have particular UID formats. I have been able to successful switch to the <cfpop> tag. It, too, has some problems. It uses "from" and "date" in the query output; since they are reserved words, it is impossible to run a query of queries off the resulting email recordset. That can be resolved by creating a new query in the page, and then copying the email content into the new query with different column names. It also pulls in the dates in a native format, and they have to be reformatted using the  <parsedatetime(myEmails.date,"pop")> function. It also sends the email body to 3 different possible fields, any combination of which can be blank, so you have to test all 3 fields to find the email message body. But it does work after all that is done.
Just FYI for anyone having cfexchange tag problems - hopefully by posting this others won't have to waste days of development time as I have done.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now