Certain users cannot send email messages to a mail-enabled public folder in an Exchange Server 2010 environment

Article ID: 2578631 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

In a Microsoft Exchange Server 2010 environment, users cannot send email messages to a mail-enabled public folder. Additionally, the users receive non-delivery reports (NDRs) that contain a 5.2.0 status code. The NDRs resemble the following:
Delivery has failed to these recipients or groups:
<Display Name of Public Folder> <SMTP Address of Public Folder>
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
Diagnostic Information for administrators:
Generating Server: <FQDN of the Client Access Server running STOREDRV>
<SMTP-Address of mail-enabled Public Folder>#554 5.2.0 STOREDRV.Deliver.Exception:AccessDeniedException.MapiExceptionNotAuthorized; Failed to process message due to a permanent exception with message Cannot complete delivery-time processing.
This issue occurs if the following conditions are true:
  • You have more than one domain in your Active Directory forest.
  • You are running Windows Server 2008 or Windows Server 2008 R2 on the domain controllers in your domains.
  • The users who cannot send email messages to mail-enabled public folders are members of one or more of the following built-in security groups:
    • BUILTIN\Event Log Readers
    • BUILTIN\Cryptographic Operators
    • BUILTIN\IIS_IUSERS
    • BUILTIN\Certificate Service DCOM Access

CAUSE

This issue occurs because new domain local security groups are defined in Windows Server 2008 and in Windows Server 2008 R2. In a multiple-domain environment, these groups share the same well-known security identifier (SID). However, these groups are not included in the well-known SIDs list that is maintained by Exchange Server 2010 that is excluded from the check for ambiguity. Therefore, members of these groups that send email messages to a mail-enabled public folder are considered as ambiguous alias.

RESOLUTION

To resolve this issue, install the following update rollup:
2608646 Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1

WORKAROUND

To work around this issue, remove the users from these security groups.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about a similar issue, click the following article number to view the article in the Microsoft Knowledge Base:
873393 A user receives an NDR that contains a 5.2.1 status code when the user tries to send an e-mail message to a public folder in Exchange Server 2003
For more information about well-known SIDs in Windows, click the following article number to view the article in the Microsoft Knowledge Base:
243330 Well-known security identifiers in Windows operating systems
For more information about how to mail-enable a public folder, visit the following Microsoft website:
General information about how to mail-enable a public folder
For more information about well-known security identifiers and accounts, visit the following Microsoft website:
General information about well-known security identifiers and accounts

Properties

Article ID: 2578631 - Last Review: October 28, 2011 - Revision: 1.0
APPLIES TO
  • Microsoft Exchange Server 2010 Service Pack 1, when used with:
    • Microsoft Exchange Server 2010 Enterprise
    • Microsoft Exchange Server 2010 Standard
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseinter KB2578631

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com