Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003 SBS You Do Not Have Permission To Send To This Recipient on Local Recipients

Posted on 2013-01-30
8
Medium Priority
?
580 Views
Last Modified: 2013-06-10
Hi All,

Looking for some help with a customers SBS2003 SP2 box, we have inherited this from the previous support guys who didnt have a clue.
Everyone logs in with the same username and password but they all have different mailboxes (i know i know you dont need to tell me). The login they use has access to all mailboxes to send as those mailboxes.
Now the problem, it seems that after some updates were installed and the server rebooted the login account in most cases is not able to send emails from the "email" account any more.
They can receive.
Any email returns an error with "You do not have permissions to send to this recipient, please contact your administrator"
One or two users are able to email but, comparing their group membership, exchange mailbox and AD permissions shows that they are all members of the same groups and have all the same permissions as the ones that dont work.
I need to see exactly why the mail is failing and if possible see the effective permissions of the accounts on the mailbox rather than the supposed applied permissions. Has anyone else ever had this?
0
Comment
Question by:sparky1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38834659
I would preferably run with DomainPrep and also ensure that the "allowInheritable" is checked on those users

- Rancy
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38834663
Quick update, the only discernable difference is that the accounts that were originally set up were set as power users, the emails that work are for mailboxes that were set up as standard users.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38834702
Ok i am now absolutely certain that this is a problem with the setup of users under SBS.
ALL the users that cannot send email are using email accounts where the user was set up with the SBS Power User template, ALL the users that DO work were set up using the Standard User template.
I know for a fact that even changing group memberships within ADUAC misses or leaves out permissions that are applied when the template is used to create the user.
Not sure what to do from here!
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 1000 total points
ID: 38834715
Users if part of Protected groups would have issues as Rights do tend to revert

- Rancy
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1000 total points
ID: 38835299
This is the problem:

http://support.microsoft.com/kb/907434

Time to get them on to their own accounts.

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38839701
I don't if we are in the same page, you said in your initial question:

"Everyone logs in with the same username and password but they all have different mailboxes. The login they use has access to all mailboxes to send as those mailboxes."

Then you are saying something about users templates used to create the accounts.  This will contradict what you said since the beginning as  all users log in with the same credentials therefore looking at others users rights is not relevant there is only 1 user being used.

Besides thoses issues and the article described in KB907434 you will be better to take the time and start creating the proper users names (which I'm guessing they are not that many) or maybe just enforce them to use them (they might be already there).  Then work your way out to solve the mess/poor settings the organization is operating now.

I don't want to go all the way explaining the reasons why you should not have all users login with the same account and why you should have them separate as I do understand why one may attempt to do something like that so who ever created this setup was not expecting to have this many users or Microsoft figuring out a way to end this CALs issues.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38839811
Oh trust me i know the reasons :) and we always do it by the book, we have inherited this mess. Essentially the common logon details were set up and given permissions to different mailboxes in order to send as.
I suspect the patch with the protected groups config has broken it.
Indeed, each person should have a seperate username and password for it to be reliable and work properly which is what we are pushing for.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 39234246
The issue was down to all users having administrative permissions, this caused the problem when the Exchange SP removed the permissions for restricted groups, email now working fine.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
New style of hardware planning for Microsoft Exchange server.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question