Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message in the Operator Console in MOM 2005 when you use MOM 2005 to monitor Exchange Server 2003 or Exchange 2000 Server:


View products that this article applies to.

Symptoms

You use Microsoft Operations Manager (MOM) 2005 to monitor a computer that is running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server. When you do this, you receive an error message in the Operator Console in MOM 2005. This error message resembles the following error message:
Description: The script aborted its execution due to the following error: 0x800405ED(-2147219987) Unexpected error code received from 'EMPMS.MailFlowSender', description: [Collaboration Data Objects - [E_ACCESSDENIED(80070005)]]

↑ Back to the top


Cause

This issue can occur when the mailbox access account does not have the "Send As" user right for the mailbox of the MOM 2005 agent account.

Note The agent account is also known as the test account.

The mailbox access account may have lost the "Send As" user right because of a recent change in how the "Send As" user right is implemented in the different versions of Microsoft Exchange. This issue occurs when you have installed a hotfix that includes this change.

You can verify that you installed a hotfix that includes the change in the "Send As" user right by verifying that one of the following conditions is true:
You are running Microsoft Exchange 2000 Server Service Pack 3 (SP3) with version 6619.4 or a later version of the Store.exe file. Version 6619.4 of the Store.exe file was first made available in the following Microsoft Knowledge Base article:
915358 A hotfix is available to change the behavior of the Full Mailbox Access permission in Exchange 2000 Server
You are running Microsoft Exchange Server 2003 Service Pack 1 (SP1) with version 7233.51 or a later version of the Store.exe file. Version 7233.51 of the Store.exe file was first made available in the following Microsoft Knowledge Base article:
895949 �Send As� permission behavior change in Exchange 2003
Note This fix is not included with Microsoft Exchange 2003 Service Pack 2 (SP2). If you installed the Exchange Server 2003 SP1 version of this hotfix, you must install the Service Pack 2 version after you upgrade to Service Pack 2.
You are running Exchange Server 2003 SP2 with version 7650.23 or a later version of the Store.exe file. Version 7650.23 of the Store.exe file was first made available in the following Microsoft Knowledge Base article:
895949 �Send As� permission behavior change in Exchange 2003
Note This change was not included in Exchange 2000 Server SP3, in Exchange Server 2003 SP1, or in Exchange Server 2003 SP2. The change was implemented after release of all these service packs. However, the change is supported in each service pack. The change will be included in future service packs for these products.

If you install Exchange Server 2003 SP2, you must install the additional update to retain the new behavior. You must do this even if you already installed the version of the update for Exchange Server 2003 SP1.
For more information about the change in the "Send As" user right, click the following article number to view the article in the Microsoft Knowledge Base:
912918 Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003

↑ Back to the top


Resolution

To resolve this issue, you must grant the mailbox access account the "Send As" user right on the mailbox of the MOM 2005 agent account. The agent account is typically named "Server_Name_MOM."

Only the MOM 2005 agent mailbox for the first mailbox store actually sends mail flow script messages. Therefore, you must assign the "Send As" user right to the mailbox access account on only the mailbox of the agent account in the first mailbox store. Do this on each Exchange server that runs mailbox scripts.

To do this, follow these steps on the domain controller that hosts the MOM 2005 agent user account:
1.Start the Active Directory Users and Computers management console.
2.On the View menu, click Advanced Features to enable the Security page for user accounts.
3.In the left pane, click the container that contains the MOM 2005 agent user account.
4.In the right pane, right-click the MOM 2005 agent user account, and then click Properties.

Typically, the MOM 2005 agent user account is named "Server_Name_MOM."
5.Click the Security tab, and then click Add.
6.In the Look in box, click the appropriate object.
7.In the list of user accounts, click the MAA user account, click Add, and then click OK.
8.In the Permissions box, click to select the check box under the Allow column for the "Send As" permission.
9.Click OK.
10.Exit the Active Directory Users and Computers management console.
11.Wait about 15 minutes for the Exchange store to update its permissions cache and to make the new permissions effective.

↑ Back to the top


Keywords: KB924048, kbopmanalerts, kbprb, kbmonitoring, kbscript, kbtshoot, kberrmsg

↑ Back to the top

Article Info
Article ID : 924048
Revision : 3
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 426