[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2152
  • Last Modified:

Exchange 2013 Management Console "because the ACE isn't present" error

Hi,

I am trying to hide internal hostname from outgoing email through an Exchange Send Connector and have used the following command, as per a few blogs, including this one http://exchangepedia.com/2008/05/removing-internal-host-names-and-ip-addresses-from-message-headers.html.

However, when I run the command from Exchange Management Console I get errors, as shown below.

[PS] C:\Windows\system32>Get-SendConnector "AVG AntiSpam Outbound" | Remove-ADPermission -AccessRight ExtendedRight -Ext
endedRights ms-Exch-Send-Headers-Routing -user "NT AUTHORITY\Anonymous Logon"

Confirm
Are you sure you want to perform this action?
Removing Active Directory permission "AVG AntiSpam Outbound" for user "NT AUTHORITY\Anonymous Logon" with access rights
 "'ExtendedRight'".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
WARNING: Can't remove the access control entry on the object "CN=AVG AntiSpam Outbound,CN=Connections,CN=Exchange
Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=DPC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dpc,DC=local" for attribute "ExtendedRight
(ObjectType: eb8c07ad-b5ad-49c3-831e-bc439cca4c2a)" because the ACE isn't present.
[PS] C:\Windows\system32>

I have used ADSIedit to check the object is present but not sure how to investigate after this and am hoping someone has experience if this? Please help.

The OS of the Exchange server and DC is Windows 2012 R2 and the AD is at the latest Windows 2012 version.

Thanks
0
Gavin75
Asked:
Gavin75
1 Solution
 
Gavin75Author Commented:
Hi, thanks for trying but this is just the same command in slightly different order, so same result.
0
 
Gareth GudgerCommented:
This error almost implies that the permission has already been removed. Is this the only Send Connector you have in the environment?

After the change did you restart the Transport Queue?

Looks like you are doing outbound filtering with AVG. My guess would be that the AVG hop is applying internal information to the headers and not Exchange. Based on your error. Vendors like AVG can also add X-Header information to messages.

Maybe temporarily remove the outbound filtering through AVG and send directly to the internet. Send some test messages and see if your internal information is still present in the headers with AVG out of the mix. If not, then AVG is the culprit, not Exchange.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
Gavin75Author Commented:
I'm not in a position to switch off the AVG outbound filtering due to potential business impact and have abandoned looking for answers. Thanks anyway
0
 
Gavin75Author Commented:
I never had the opportunity to test this theory but could be viable?
0
 
gangatrendCommented:
When you see this in 2013 - Can't remove the access control entry on the object because the ACE isn't present.

Go to the AD and search for the AD Object for the "Shared/Mailbox" - Right Click and Go to Properties - Go to the Security TAB - There users would be listed in there. Remove the users who you want to revoke their access or permissions from being able to access the "Shared/Mailbox" - Click Apply and OK.

This shall take a while for the AD to replicate the same on the mailbox and the permissions would be removed from it.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now