Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

PrivilegeDenied error occurs when using Server-Side Synchronization


View products that this article applies to.

Symptom

When using Server-Side Synchronization in Dynamics 365, you encounter the following error after clicking Test & Enable Mailbox:

"Appointments, contacts, and tasks can't be synchronized for the mailbox <Mailbox Name> because the mailbox user doesn't have sufficient permissions on this mailbox.
Email Server Error Code: Crm.80040220.PrivilegeDenied"

↑ Back to the top


Cause

This error will appear if the user associated with the mailbox record does not have sufficient privileges to use Server-Side Synchronization.

↑ Back to the top


Resolution

Modify the user's security role to include the missing privilege.  When you click the Details section, it should include the name of the missing privilege.  In the example below, the user is missing the read privilege for the Email Server Profile entity.
 

T:331ActivityId: <GUID>>Exception : Unhandled Exception: Microsoft.Crm.Asynchronous.EmailConnector.ExchangeSyncException: Failed to update the sync state : Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Principal user (Id=<GUID>, type=8) is missing prvReadEmailServerProfile privilege (Id=edebe6f6-cf2e-4520-b635-ae0615d41e34)Detail: f6afa1da-a317-4cfd-a3ea-cb062b28dbcf -2147220960 Principal user (Id=<GUID>, type=8) is missing prvReadEmailServerProfile privilege (Id=edebe6f6-cf2e-45...

For a list of privileges that may be required to use Server-Side Sync, refer to the More Information section.

↑ Back to the top


More Information

The following table lists privileges required to use Server-Side Synchronization and the tab in a security role where the privilege can be found. A user with the System Administrator role can locate and modify a security role by navigating to Settings, Security, Security Roles. To view which role(s) are assigned to a specific user, navigate to Settings, click Security, click Users, select the specific User record, and then click Manage Roles. 

Privilege name Entity Location (tab) within security role
prvReadEmailServerProfile EmailServerProfile Business Management
prvWriteMailbox Mailbox Business Management
prvReadMailbox Mailbox Business Management
prvReadOrganization Organization Business Management
prvSyncToOutlook (exchangesyncidmapping Outlook Business Management --> Privacy-related privileges
prvReadActionCard ActionCard Core Records
prvDeleteActivity Activity Core Records
prvAppendActivity Activity Core Records
prvWriteActivity Activity Core Records
prvCreateActivity Activity Core Records
prvReadActivity Activity Core Records
prvAppendToActivity Activity Core Records
prvReadConnection Connection Core Records
prvAssignContact Contact Core Records
prvReadContact Contact Core Records
prvWriteContact Contact Core Records
prvCreateContact Contact Core Records
prvDeleteContact Contact Core Records
prvReadUserQuery Saved View Core Records
prvReadQueue Queue Core Records
prvReadQuery View Customization
prvReadIncident Case Service
prvSearchAvailability   Service Management --> Miscellaneous Privileges
prvOverrideCreatedOnCreatedBy   Service Management --> Miscellaneous Privileges

↑ Back to the top


Keywords: PrivilegeDenied, 80040220, CRM Online, Dynamics 365, Server-Side Synchronization, permissions

↑ Back to the top

Article Info
Article ID : 4015092
Revision : 6
Created on : 7/3/2019
Published on : 7/3/2019
Exists online : False
Views : 472