Solved

Exchange 2003 SBS You Do Not Have Permission To Send To This Recipient on Local Recipients

Posted on 2013-01-30
Last Modified: 2013-06-10
Hi All,

Looking for some help with a customer's SBS2003 SP2 box; we have inherited this from the previous support guys who didn't have a clue.
Everyone logs in with the same username and password but they all have different mailboxes (I know, I know, you don't need to tell me). The login they use has access to all mailboxes to send as those mailboxes.
Now the problem: it seems that after some updates were installed and the server rebooted, the login account in most cases is not able to send emails from the "email" account any more.
They can receive.
Any email returns an error with "You do not have permissions to send to this recipient, please contact your administrator"
One or two users are able to email but, comparing their group membership, Exchange mailbox and AD permissions shows that they are all members of the same groups and have all the same permissions as the ones that don't work.
I need to see exactly why the mail is failing and if possible see the effective permissions of the accounts on the mailbox rather than the supposed applied permissions. Has anyone else ever had this?
Question by:sparky1977
8 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38834659
I would preferably run with DomainPrep and also ensure that the "allowInheritable" is checked on those users

- Rancy
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38834663
Quick update: the only discernible difference is that the accounts that were originally set up were set as power users; the emails that work are for mailboxes that were set up as standard users.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38834702
OK, I am now absolutely certain that this is a problem with the setup of users under SBS.
ALL the users that cannot send email are using email accounts where the user was set up with the SBS Power User template; ALL the users that DO work were set up using the Standard User template.
I know for a fact that even changing group memberships within ADUAC misses or leaves out permissions that are applied when the template is used to create the user.
Not sure what to do from here!
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 250 total points
ID: 38834715
Users if part of Protected groups would have issues as Rights do tend to revert

- Rancy
0
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 38835299
This is the problem:

http://support.microsoft.com/kb/907434

Time to get them on to their own accounts.

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38839701
I don't know if we are on the same page; you said in your initial question:

"Everyone logs in with the same username and password but they all have different mailboxes. The login they use has access to all mailboxes to send as those mailboxes."

Then you are saying something about user templates used to create the accounts. This will contradict what you said since the beginning, as all users log in with the same credentials; therefore looking at other users' rights is not relevant; there is only 1 user being used.

Besides those issues and the article described in KB907434, you will be better to take the time and start creating the proper user names (which I'm guessing they are not that many) or maybe just enforce them to use them (they might be already there). Then work your way out to solve the mess/poor settings the organization is operating now.

I don't want to go all the way explaining the reasons why you should not have all users login with the same account and why you should have them separate, as I do understand why one may attempt to do something like that, so whoever created this setup was not expecting to have this many users or Microsoft figuring out a way to end this CALs issues.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 38839811
Oh trust me, I know the reasons :) and we always do it by the book; we have inherited this mess. Essentially the common logon details were set up and given permissions to different mailboxes in order to send as.
I suspect the patch with the protected groups config has broken it.
Indeed, each person should have a separate username and password for it to be reliable and work properly, which is what we are pushing for.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 39234246
The issue was down to all users having administrative permissions; this caused the problem when the Exchange SP removed the permissions for restricted groups. Email now working fine.
0
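
The cause reported in this thread (mailbox accounts that sit in protected or administrative groups losing their Send As permission) can be checked directly on the AD user objects. The script below is an added example, not part of any post above; it assumes PowerShell 2.0 or later on a domain-joined machine and relies on standard AD behaviour: members of protected groups are stamped with adminCount=1 and have ACL inheritance disabled.

```powershell
# Added example (not from the thread). Read-only audit: for every user object
# that AD flags as protected (adminCount=1), report whether ACL inheritance is
# blocked and which trustees still hold an explicit or inherited Send-As ACE.
# Assumes PowerShell 2.0+ and a domain account with read access to the directory.

# rightsGuid of the "Send-As" extended right in the AD schema.
$sendAsGuid = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'
$extended   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# LDAP filter: user accounts whose ACL is managed as "protected".
$searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user)(adminCount=1))'
$searcher.PageSize = 500

$report = foreach ($result in $searcher.FindAll()) {
    $entry = $result.GetDirectoryEntry()
    $acl   = $entry.psbase.ObjectSecurity

    # Allow ACEs that grant the Send-As right specifically. Broader grants
    # (full control, all extended rights) are deliberately not listed here.
    $trustees = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $extended) -and
            $_.ObjectType -eq $sendAsGuid
        } |
        ForEach-Object { $_.IdentityReference.Value }

    New-Object PSObject -Property @{
        Account            = [string]$result.Properties['samaccountname'][0]
        InheritanceBlocked = $acl.AreAccessRulesProtected
        SendAsTrustees     = ($trustees -join '; ')
    }
}

$report | Sort-Object Account |
    Format-Table Account, InheritanceBlocked, SendAsTrustees -AutoSize
```

A mailbox account that appears in this report with `InheritanceBlocked` set to `True` and without the shared login among its `SendAsTrustees` matches the symptom described in the question. Accounts that do not appear at all are not treated as protected, which is consistent with the Standard User mailboxes that kept working.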


Question has a verified solution.
