Solved

Exchange 2003 SBS You Do Not Have Permission To Send To This Recipient on Local Recipients

Posted on 2013-01-30
8
566 Views
Last Modified: 2013-06-10
Hi All,

Looking for some help with a customers SBS2003 SP2 box, we have inherited this from the previous support guys who didnt have a clue.
Everyone logs in with the same username and password but they all have different mailboxes (i know i know you dont need to tell me). The login they use has access to all mailboxes to send as those mailboxes.
Now the problem, it seems that after some updates were installed and the server rebooted the login account in most cases is not able to send emails from the "email" account any more.
They can receive.
Any email returns an error with "You do not have permissions to send to this recipient, please contact your administrator"
One or two users are able to email but, comparing their group membership, exchange mailbox and AD permissions shows that they are all members of the same groups and have all the same permissions as the ones that dont work.
I need to see exactly why the mail is failing and if possible see the effective permissions of the accounts on the mailbox rather than the supposed applied permissions. Has anyone else ever had this?
0
Comment
Question by:sparky1977
8 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38834659
I would preferably run with DomainPrep and also ensure that the "allowInheritable" is checked on those users

- Rancy
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38834663
Quick update, the only discernable difference is that the accounts that were originally set up were set as power users, the emails that work are for mailboxes that were set up as standard users.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38834702
Ok i am now absolutely certain that this is a problem with the setup of users under SBS.
ALL the users that cannot send email are using email accounts where the user was set up with the SBS Power User template, ALL the users that DO work were set up using the Standard User template.
I know for a fact that even changing group memberships within ADUAC misses or leaves out permissions that are applied when the template is used to create the user.
Not sure what to do from here!
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 250 total points
ID: 38834715
Users if part of Protected groups would have issues as Rights do tend to revert

- Rancy
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 38835299
This is the problem:

http://support.microsoft.com/kb/907434

Time to get them on to their own accounts.

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38839701
I don't if we are in the same page, you said in your initial question:

"Everyone logs in with the same username and password but they all have different mailboxes. The login they use has access to all mailboxes to send as those mailboxes."

Then you are saying something about users templates used to create the accounts.  This will contradict what you said since the beginning as  all users log in with the same credentials therefore looking at others users rights is not relevant there is only 1 user being used.

Besides thoses issues and the article described in KB907434 you will be better to take the time and start creating the proper users names (which I'm guessing they are not that many) or maybe just enforce them to use them (they might be already there).  Then work your way out to solve the mess/poor settings the organization is operating now.

I don't want to go all the way explaining the reasons why you should not have all users login with the same account and why you should have them separate as I do understand why one may attempt to do something like that so who ever created this setup was not expecting to have this many users or Microsoft figuring out a way to end this CALs issues.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38839811
Oh trust me i know the reasons :) and we always do it by the book, we have inherited this mess. Essentially the common logon details were set up and given permissions to different mailboxes in order to send as.
I suspect the patch with the protected groups config has broken it.
Indeed, each person should have a seperate username and password for it to be reliable and work properly which is what we are pushing for.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 39234246
The issue was down to all users having administrative permissions, this caused the problem when the Exchange SP removed the permissions for restricted groups, email now working fine.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now