Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Certain users cannot send email messages to a mail-enabled public folder in an Exchange Server 2010 environment

Certain users cannot send email messages to a mail-enabled public folder in an Exchange Server 2010 environment

View products that this article applies to.

Symptoms

In a Microsoft Exchange Server 2010 environment, users cannot send email messages to a mail-enabled public folder. Additionally, the users receive non-delivery reports (NDRs) that contain a 5.2.0 status code. The NDRs resemble the following:
Delivery has failed to these recipients or groups:
<Display Name of Public Folder> <SMTP Address of Public Folder>
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
Diagnostic Information for administrators:
Generating Server: <FQDN of the Client Access Server running STOREDRV>
<SMTP-Address of mail-enabled Public Folder>#554 5.2.0 STOREDRV.Deliver.Exception:AccessDeniedException.MapiExceptionNotAuthorized; Failed to process message due to a permanent exception with message Cannot complete delivery-time processing.
This issue occurs if the following conditions are true:
  • You have more than one domain in your Active Directory forest.
  • You are running Windows Server 2008 or Windows Server 2008 R2 on the domain controllers in your domains.
  • The users who cannot send email messages to mail-enabled public folders are members of one or more of the following built-in security groups:
    • BUILTIN\Event Log Readers
    • BUILTIN\Cryptographic Operators
    • BUILTIN\IIS_IUSERS
    • BUILTIN\Certificate Service DCOM Access

↑ Back to the top

Cause

This issue occurs because new domain local security groups are defined in Windows Server 2008 and in Windows Server 2008 R2. In a multiple-domain environment, these groups share the same well-known security identifier (SID). However, these groups are not included in the well-known SIDs list that is maintained by Exchange Server 2010 that is excluded from the check for ambiguity. Therefore, members of these groups that send email messages to a mail-enabled public folder are considered as ambiguous alias.

↑ Back to the top

Resolution

To resolve this issue, install the following update rollup:
2608646 Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1

↑ Back to the top

Workaround

To work around this issue, remove the users from these security groups.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about a similar issue, click the following article number to view the article in the Microsoft Knowledge Base:
873393 A user receives an NDR that contains a 5.2.1 status code when the user tries to send an e-mail message to a public folder in Exchange Server 2003
For more information about well-known SIDs in Windows, click the following article number to view the article in the Microsoft Knowledge Base:
243330 Well-known security identifiers in Windows operating systems
For more information about how to mail-enable a public folder, visit the following Microsoft website:
General information about how to mail-enable a public folder
For more information about well-known security identifiers and accounts, visit the following Microsoft website:
General information about well-known security identifiers and accounts

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 2578631
Revision : 1
Created on : 1/7/2017
Published on : 10/28/2011
Exists online : False
Views : 359