Solved

Exchange and Outlook 2010 - Send As not working for 1 specific user

Posted on 2013-12-09
6
1,247 Views
Last Modified: 2013-12-21
Exchange and Outlook 2010
User reported not being able to send as another user (same person) after being able to for quite some time.  User belongs to 2 domains, occasionally this user needs to be able to send as the same person but in a different domain.  Ex. johndoe@firstdomain.com and johndoe@seconddomain.com.

So I have send as, send on behalf of, and even full access permissions enabled for the user for the other domain.  The user tries to send as or on behalf of and gets this error "You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission."

I have tried removing the permissions and applying them again with no luck.  I even created 2 new test mailbox accounts (1 per domain) and applied the same permissions and send as works flawlessly.  I don't think its AD permissions (but I could be wrong).  

Is there an easy way to "fix" the users mailbox (in the case that its corrupt) or something else I can troubleshoot to figure out the problem?

Let me know if you need more info.

-THANKS!
0
Comment
Question by:K_IT
  • 4
6 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
Comment Utility
First you should not use both Send As and "Send on behalf of" pick one or the other. Another thing, if you are using Send As, find the user in Active Directory Users and Computers right click the user and select properties, click the Security Tab then press the Advance button.

In there you should see the User listed under there with Send As permissions. If you do not see this then this is why you cannot "Send As". Send As is an AD ACL not Exchange. If you have set this in the EMC and it has not replicated or updated the ACL's in Active Directory then you might have a delay/latency or replication issue with Active Directory.

Will.
0
 

Author Comment

by:K_IT
Comment Utility
Ok, I removed Send on behalf and left Send As.  I forced replication between all DC's.  I checked all the DC's that it could be authenticating with and see all DC's have the Send As permission set to Allow for the user of the other domain.

Could the mailbox be corrupt?  Is there logging that I can turn on that would give a better error message in the event logs?
0
 
LVL 9

Expert Comment

by:VirastaR
Comment Utility
Hi,

Based on your last comment, it seems like when you recreate a new mailbox "Send-as" works as expected and it could be possible that mailbox might be corrupted.

Check the below links to help you with information and tools for different ways used to repair outlook mailbox

How do you Repair a Users Mailbox in Exchange 2010 SP1?
Troubleshooting and repairing mailboxes and databases

Hope that helps :)
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:K_IT
Comment Utility
Update:  Send As works perfectly fine from OWA but fails in Outlook for this user.  I suspect a bad GAL and updating GAL gives me error "Task '<<user>>' reported error (0x80190194): The operation failed."

Checking that out now.
0
 

Accepted Solution

by:
K_IT earned 0 total points
Comment Utility
Our GAL is not updating correctly which is a different topic, however I was able to fix this by changing from cached to Online mode and then selecting the user from the GAL.
0
 

Author Closing Comment

by:K_IT
Comment Utility
Our GAL is not updating correctly which is a different topic, however I was able to fix this by changing from cached to Online mode and then selecting the user from the GAL.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Outlook Free & Paid Tools
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now