Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

In a Microsoft Exchange Server 2010 environment, users cannot send email messages to a mail-enabled public folder. Additionally, the users receive non-delivery reports (NDRs) that contain a 5.2.0 status code. The NDRs resemble the following:

Delivery has failed to these recipients or groups:
<Display Name of Public Folder> <SMTP Address of Public Folder>
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
Diagnostic Information for administrators:
Generating Server: <FQDN of the Client Access Server running STOREDRV>
<SMTP-Address of mail-enabled Public Folder>#554 5.2.0 STOREDRV.Deliver.Exception:AccessDeniedException.MapiExceptionNotAuthorized; Failed to process message due to a permanent exception with message Cannot complete delivery-time processing.

This issue occurs if the following conditions are true:

  • You have more than one domain in your Active Directory forest.

  • You are running Windows Server 2008 or Windows Server 2008 R2 on the domain controllers in your domains.

  • The users who cannot send email messages to mail-enabled public folders are members of one or more of the following built-in security groups:

    • BUILTIN\Event Log Readers

    • BUILTIN\Cryptographic Operators

    • BUILTIN\IIS_IUSERS

    • BUILTIN\Certificate Service DCOM Access

Cause

This issue occurs because new domain local security groups are defined in Windows Server 2008 and in Windows Server 2008 R2. In a multiple-domain environment, these groups share the same well-known security identifier (SID). However, these groups are not included in the well-known SIDs list that is maintained by Exchange Server 2010 that is excluded from the check for ambiguity. Therefore, members of these groups that send email messages to a mail-enabled public folder are considered as ambiguous alias.

Resolution

To resolve this issue, install the following update rollup:

2608646 Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1

Workaround

To work around this issue, remove the users from these security groups.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about a similar issue, click the following article number to view the article in the Microsoft Knowledge Base:

873393 A user receives an NDR that contains a 5.2.1 status code when the user tries to send an e-mail message to a public folder in Exchange Server 2003 For more information about well-known SIDs in Windows, click the following article number to view the article in the Microsoft Knowledge Base:

243330 Well-known security identifiers in Windows operating systems For more information about how to mail-enable a public folder, visit the following Microsoft website:

General information about how to mail-enable a public folderFor more information about well-known security identifiers and accounts, visit the following Microsoft website:

General information about well-known security identifiers and accounts

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×