Monday 16 March 2009

E2K7SP1 MapiExceptionNotAuthorized

One of my users is replying to a message sent to a public folder that's hosted on Exchange 2007 SP1.
He's getting the following type of non-delivereable message:

Fehler bei der Zustellung der Nachricht an folgende Empfänger oder Verteilerlisten:

Jobs
Problem mit dem Postfach des Empfängers. Microsoft Exchange versucht nicht, diese Nachricht erneut für Sie zuzustellen. Versuchen Sie, diese Nachricht erneut zu senden, oder wenden Sie sich mit dem folgenden Diagnosetext an Ihren Systemadministrator.

------------------
Mit Microsoft Exchange Server 2007 gesendet


Diagnoseinformationen für Administratoren:

Generierender Server: x.y.z.com

jobs@z.com
#550 5.2.0 STOREDRV.Deliver: The Microsoft Exchange Information Store service reported an error. The following information should help identify the cause of this error: "MapiExceptionNotAuthorized:16.18969:DA0B0000, 17.27161:0000000062020000000000001F00000000000000, 255.23226:00000000, 255.27962:7A000000, 255.27962:0A000000
-------------------

(I coloured it blue because it's Microsoft)

Here's what it means:
MapiExceptionNotAuthorized means that Mapi does not allow the action to be taken, due to the action not being authorized. Usually this is because the Anonymous user doesn't have the ability/rights to write messages to the Public Folder.
However, in this case, this isn't true - people are succesfully sending in CVs everyday, and those messages are turning up in the Public Folder. So Anonymous does have rights to create items in that folder.

There are three ways to investigate and control permissions on a Public Folder in E2K7 -
  1. using Powershell
  2. you can use Msoft's free and excellent tool, PFDAVAdmin, with simple, workable GUI
  3. you can do it all via Outlook if you have owner permission on the folder in the first place

Here's the p.shell you'll need:

To view permission on the PF, use the Get-PublicFolderClientPermission cmdlet.
For instance,
Get-PublicFolderClientPermission "\Jobs\03_Wrangling\28_PythonWrangler" -User Anonymous | format-list

To give Anonymous the ability to create items, use the Add-PublicFolderClientPermission cmdlet.
For instance,
Add-PublicFolderClientPermission "\Jobs\03_Wrangling\28_PythonWrangler" -AccessRights CreateItems -User Anonymous

This will also allow Anonymous to read items, something you don't want, in which case:
Remove-PublicFolderClientPermission "\Jobs\03_Wrangling\28_PythonWrangler"-AccessRights ReadItems -User Anonymous

PFDAVAdmin: - connect to your Public folder store, rightclick on the Folder, choose "Folder Permissions" and check what Anonymous can do. Correct it if needed, then click the handy Commit Changes button. I like this tool as much as I liked that small fluffy wriggly puppy that bounced up to me on Saturday and gave my knee a great big friendly lick.

Outlook: rightclick the folder, choose Properties, then the Permissions tab.

For more information on rights, please see: http://technet.microsoft.com/en-us/library/bb310789.aspx

Note! Applying all of the above did not solve the issue for my user. However, removing him entirely from the list of allowed users on the mail-enabled folder, then adding him again with Publishing Editor permission .. that did fix it.
Posted by at

1 comment:

  1. Anonymous18 December 2009 at 00:01

    Get same error but was basicly

    forgot to give a group create item rights
    only reviever rights ( the can read but not send mails to it )

    gave that group create item rights and problem sovled

    IrDuck

    ReplyDelete

Subscribe to: Post Comments (Atom)