exchange 2013 sendas permission randomly denied
okay Experts --- brainstorming needed.
Migration from EX2007 - EX2013 CU3
all good.
Customer previously had address book segregation using ADSI edit and deny permissions for Address Lists. This have all been reset.
Upgraded CU3 - CU5 - all good
Upgraded CU5 - CU6 to fix problem with slow lookup for address books.
After that, this error appeared:
The customer have 100+ shared folders. SendAs permissions is given to a domain local group. Members of that domain local group is a global group - in that group the users needing SendAs permissions are members.
When working with Outlook in Online mode - they randomly cannot send an email as the shared mailbox. They can send 5 messages, then the sixth message is denied - given the error message "you don't have permission to send as the shared mailbox" - then either close and reopen Outlook and send, or just wait a couple of mins - then it works.
this happens at no predefined time intervals. it happens to all shared mailboxes, regardless of amount of emails, and connections. it happens in both online and cache mode.
We upgraded to CU7 - due to this https://support.microsoft.com/en-us/kb/3009291 - but still no fix.
the customer have 1 root domain (naturally) and 2 subdomains, with exchange in one, and the other no exchange recipients.
We set throttlingpolices to unlimited - still no fix.
Then one fix - if we give the user permission directly - it works. if we use groups only, it doesn't work. But it worked from CU3 via CU5 but stopped working in CU6 ---
Microsoft Support says ---- eeeh ... we don't know -- upgrade to CU8 - but that's no solution, as customer have several 3rd party integrations not compatible with CU8
soooooo ---- anyone?
Migration from EX2007 - EX2013 CU3
all good.
Customer previously had address book segregation using ADSI edit and deny permissions for Address Lists. This have all been reset.
Upgraded CU3 - CU5 - all good
Upgraded CU5 - CU6 to fix problem with slow lookup for address books.
After that, this error appeared:
The customer have 100+ shared folders. SendAs permissions is given to a domain local group. Members of that domain local group is a global group - in that group the users needing SendAs permissions are members.
When working with Outlook in Online mode - they randomly cannot send an email as the shared mailbox. They can send 5 messages, then the sixth message is denied - given the error message "you don't have permission to send as the shared mailbox" - then either close and reopen Outlook and send, or just wait a couple of mins - then it works.
this happens at no predefined time intervals. it happens to all shared mailboxes, regardless of amount of emails, and connections. it happens in both online and cache mode.
We upgraded to CU7 - due to this https://support.microsoft.com/en-us/kb/3009291 - but still no fix.
the customer have 1 root domain (naturally) and 2 subdomains, with exchange in one, and the other no exchange recipients.
We set throttlingpolices to unlimited - still no fix.
Then one fix - if we give the user permission directly - it works. if we use groups only, it doesn't work. But it worked from CU3 via CU5 but stopped working in CU6 ---
Microsoft Support says ---- eeeh ... we don't know -- upgrade to CU8 - but that's no solution, as customer have several 3rd party integrations not compatible with CU8
soooooo ---- anyone?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 47
I am not surprised, that is the story with every patch MS releases. However, upgrading to latest version is always good. but I prefer n-1. Also, I don't see CU8 fixes send-as permission issue mentioned by you. If you still have MS case, escalate it to tier-3 level. They should escalate to coding team, to check what is changed in CU6.
Is your Domain Controllers replicating properly? Exchange continually get directory info from Active Directory and Send-As is a AD Specific permission.
I would start by checking there and making sure that the DC's are replicating and are healthy. It could be possible that there is a domain controller that does not have the replicated changes on it. Use the following commands below to check replication.
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
dcdiag /v
Will.
I would start by checking there and making sure that the DC's are replicating and are healthy. It could be possible that there is a domain controller that does not have the replicated changes on it. Use the following commands below to check replication.
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
dcdiag /v
Will.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
looks like it was solved (for a looooooooooooong time ago - sorry for the delay) changing group scope to universal --- even though global and domain local should be working - as confirmed by MS Support
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.