This week, I experienced an issue in which the mailbox for the administrator account could not be accessed via Exchange 2010 Outlook Web App (OWA), Outlook client or mobile device using Exchange ActiveSync (EAS). No other mailboxes were affected.
This is the error received when accessing OWA…
You don't have permission to open this mailbox.
To give a little background of the environment and scenario, we are migrating a customer from Exchange 2003 to Office 365 via a single Exchange 2010 hybrid server. All mailboxes were moved to Exchange 2010 and the Exchange 2003 servers were decommissioned. The administrator mailbox was accessible after it was moved to Exchange 2010.
Back to the details…
During an investigation, I found that the ‘Send As’ permissions for the administrator mailbox were non-existent though ‘Full Access’ permissions appeared set properly.
Also, in comparing the Active Directory security settings for “SELF” with a functioning domain administrator account with a mailbox, I found that specific read and write settings were not allowed not denied, such as ‘Receive As’ and ‘Send As’ to name a couple of this list…
- Receive As
- Send As
- Write Personal Information
- Write Phone and Mail Options
- Write Public Information
- Write Wed Information
Even though modifying these security settings appeared to have reset the default ‘Send As’ permissions in Exchange, it did nothing to resolve the issue with this one mailbox.
Furthermore, no errors were found in the event viewer of the Exchange 2010 server.
While researching the error, I found possible solutions in these references based on a search of the error…
However, these efforts still did not address the issue.
I double-checked the ‘Send As’ permissions in Exchange for the administrator mailbox and they were no longer enabled for “SELF”. When I attempted to re-apply “SELF” an error was received stating, “The user has insufficient rights”.
As a result, I created a copy of the administrator account with all of the same permissions (i.e. Domain Admins, Organization Management, etc.) and created a mailbox for the new account. Then, logging on to the Exchange server using the new account, I was able to successfully apply ‘Send As’ permissions for “SELF” to the administrator mailbox.
As a test, I successfully accessed the mailbox for the new account via OWA and then successfully connected to the administrator mailbox, via OWA as well–which I wasn’t able to do previously.
Additionally, (not that this is needed but) I set the administrator account to have ‘Send As’ and ‘Full Access’ permissions on its own mailbox. Once set, I was finally able to access the administrator mailbox via OWA, Outlook and EAS.
I am unsure what occurred between the administrator mailbox being moved to Exchange 2010 and the last time we accessed the mailbox until the time the error was discovered but the one thing I do know, is that I haven’t experienced this issue before. In my opinion, this was truly an anomaly.