Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Appointments, contacts, and tasks can't be synchronized for the mailbox because the mailbox user doesn't have sufficient permissions on this mailbox


View products that this article applies to.

Symptom

When you attempt to Test and Enable a mailbox in Dynamics 365, the following alert is logged:

"Appointments, contacts, and tasks can't be synchronized for the mailbox <Mailbox Name> because the mailbox user doesn't have sufficient permissions on this mailbox.
 
Email Server Error Code: Crm.80048306.Not enough privilege to access the Microsoft Dynamics 365 object or perform the requested operation."
 
If you click to view the details, the following additional details are shown:
 
"T:195
ActivityId: <GUID>
>Exception : Unhandled Exception: Microsoft.Crm.CrmSecurityException: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: <GUID>, OwnerId: <GUID>,  OwnerIdType: 8 and CallingUser: <GUID>. ObjectTypeCode: 4120, objectBusinessUnitId: <GUID>, AccessRights: WriteAccess     at Microsoft.Crm.BusinessEntities.SecurityLibrary.AccessCheckEx2(ExecutionContext context, SecurityPrincipal principal, SecurityPrincipal ownerPrincipal, Guid objectId, Int32 objectTypeCode, Guid objectBusinessUnitId, AccessRights rights)    at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeSyncUtility.HasExchangeSyncIdMappingAccess(Guid userId, Int32 userIdTypeCode, IACTProviderContext orgContext)    at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeSyncWorker.PerformPreMailboxSyncChecks()    at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeS..."
 

↑ Back to the top


Cause

The Dynamics 365 user associated with the mailbox does not have sufficient privileges. This is often caused by the user not having a security role assigned or their security role is missing user level read or write access to the Mailbox entity.

IMPORTANT: Verify the Owner of the mailbox record is the same as the User. Example: If the mailbox is a User mailbox for Paul Cannon, verify the Owner value within the mailbox record for Paul Cannon shows as Paul Cannon. If it is some other user, that user may not have access to this user's mailbox.

↑ Back to the top


Resolution

  1. As a user with the System Administrator role, open the mailbox record in Dynamics 365. NOTE: The alert includes a link to the mailbox record.
  2. Verify the Owner field on the mailbox form is populated with the name of the User. If some other user is listed, change it to be the same as this user.
  3. Click the link within the Owner field to open the User record for the owning user.
  4. Click Manage Roles to see which security role(s) is assigned to this user. 
  5. Navigate to Settings, click Security, and then click Security Roles.
  6. Open the roles found in step 4. Refer to this article for a list of required privileges and verify the user's security role contains these privileges.
  7. After verifying the user is the owner of their mailbox record and their security role contains the required privileges, click the Test & Enable Mailbox button within their mailbox record again. If the test does not result in Success, review the message that appears within the Alerts section.

↑ Back to the top


Keywords: Dynamics 365, appointment, contact, task, privilege, permissions, test, enable

↑ Back to the top

Article Info
Article ID : 4052824
Revision : 7
Created on : 8/13/2018
Published on : 8/13/2018
Exists online : False
Views : 326