Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Certain users cannot send email messages to a mail-enabled public folder in an Exchange Server 2010 environment


View products that this article applies to.

Symptoms

In a Microsoft Exchange Server 2010 environment, users cannot send email messages to a mail-enabled public folder. Additionally, the users receive non-delivery reports (NDRs) that contain a 5.2.0 status code. The NDRs resemble the following:
Delivery has failed to these recipients or groups:
<Display Name of Public Folder> <SMTP Address of Public Folder>
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
Diagnostic Information for administrators:
Generating Server: <FQDN of the Client Access Server running STOREDRV>
<SMTP-Address of mail-enabled Public Folder>#554 5.2.0 STOREDRV.Deliver.Exception:AccessDeniedException.MapiExceptionNotAuthorized; Failed to process message due to a permanent exception with message Cannot complete delivery-time processing.
This issue occurs if the following conditions are true:
  • You have more than one domain in your Active Directory forest.
  • You are running Windows Server 2008 or Windows Server 2008 R2 on the domain controllers in your domains.
  • The users who cannot send email messages to mail-enabled public folders are members of one or more of the following built-in security groups:
    • BUILTIN\Event Log Readers
    • BUILTIN\Cryptographic Operators
    • BUILTIN\IIS_IUSERS
    • BUILTIN\Certificate Service DCOM Access

↑ Back to the top


Cause

This issue occurs because new domain local security groups are defined in Windows Server 2008 and in Windows Server 2008 R2. In a multiple-domain environment, these groups share the same well-known security identifier (SID). However, these groups are not included in the well-known SIDs list that is maintained by Exchange Server 2010 that is excluded from the check for ambiguity. Therefore, members of these groups that send email messages to a mail-enabled public folder are considered as ambiguous alias.

↑ Back to the top


Resolution

To resolve this issue, install the following update rollup:
2608646 Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1

↑ Back to the top


Workaround

To work around this issue, remove the users from these security groups.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More Information

For more information about a similar issue, click the following article number to view the article in the Microsoft Knowledge Base:
873393 A user receives an NDR that contains a 5.2.1 status code when the user tries to send an e-mail message to a public folder in Exchange Server 2003
For more information about well-known SIDs in Windows, click the following article number to view the article in the Microsoft Knowledge Base:
243330 Well-known security identifiers in Windows operating systems
For more information about how to mail-enable a public folder, visit the following Microsoft website:
For more information about well-known security identifiers and accounts, visit the following Microsoft website:

↑ Back to the top


Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 2578631
Revision : 1
Created on : 1/7/2017
Published on : 10/28/2011
Exists online : False
Views : 387