Exchange Server Forums

You do not have permission to perform this action on one users inbox

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> You do not have permission to perform this action on one users inbox

Page: [1]

Message

<< Older Topic Newer Topic >>

You do not have permission to perform this action on on... - 3.Apr.2009 3:54:50 PM

jhinkle

Posts: 18
Joined: 18.Mar.2009
Status: offline

Last weekend we had a power outage in our building that took down all of our equipment. When I came in on Monday everything was working ok except for one users mailbox. I had to use CA Arcserve to restore his files back into the database. Afterwords he seemed to be working ok. Today however when he tried to log into his inbox through OWA light (that's all we have here) he gets the " You do not have permission to perform this action" on his inbox and only his inbox. Everything else works fine but he can't read messages out of his inbox. I've gone over all the other threads I could find about this problem but the only solution people seem to have is to:

Open IIS
Open Application Pools
Right click on DefaultAppPool and choose properties
Click on the identity tab
Change the predefined setting to Local Service.

It had always been set at Network Service and I never had any issues. This only started after he lost everything when the server crashed last weekend.   Now I can't seem to find any information as to why he would be able to access everything but his Inbox. The only other place I could think there would be some kind of setting for this would be in the Exchange DB itself but when I look at his settings he's setup like everyone else. See below:

[PS] C:\Documents and Settings\Administrator.IKDIST>get-casmailbox "*removed" | fl

EmailAddresses                        : {smtp:*removed, SMTP:*removed}
LegacyExchangeDN                      : /o=IK Dist/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=*removed
LinkedMasterAccount                   :
PrimarySmtpAddress                    : *removed
ProtocolSettings                      : {OWA�1}
SamAccountName                        : lloudon
ServerLegacyDN                        : /o=IK Dist/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=IKEXCH1
ServerName                            : ikexch1
DisplayName                           : *removed
ActiveSyncAllowedDeviceIDs            : {}
ActiveSyncMailboxPolicy               :
ActiveSyncDebugLogging                :
ActiveSyncEnabled                     : True
HasActiveSyncDevicePartnership        : True
OWAEnabled                            : True
OWACalendarEnabled                    :
OWAContactsEnabled                    :
OWATasksEnabled                       :
OWAJournalEnabled                     :
OWANotesEnabled                       :
OWARemindersAndNotificationsEnabled   :
OWAPremiumClientEnabled               :
OWASpellCheckerEnabled                :
OWASearchFoldersEnabled               :
OWASignaturesEnabled                  :
OWAThemeSelectionEnabled              :
OWAJunkEmailEnabled                   :
OWAUMIntegrationEnabled               :
OWAWSSAccessOnPublicComputersEnabled :
OWAWSSAccessOnPrivateComputersEnabled :
OWAUNCAccessOnPublicComputersEnabled :
OWAUNCAccessOnPrivateComputersEnabled :
OWAActiveSyncIntegrationEnabled       :
OWAAllAddressListsEnabled             :
OWAChangePasswordEnabled              :
PopEnabled                            : True
PopUseProtocolDefaults                : True
PopMessagesRetrievalMimeFormat        : BestBodyFormat
ImapEnabled                           : True
ImapUseProtocolDefaults               : True
ImapMessagesRetrievalMimeFormat       : BestBodyFormat
MAPIEnabled                           : True
MAPIBlockOutlookNonCachedMode         : False
MAPIBlockOutlookVersions              :
MAPIBlockOutlookRpcHttp               : False
IsValid                               : True
OriginatingServer                     : *removed
ExchangeVersion                       : 0.1 (8.0.535.0)
Name                                  : *removed
DistinguishedName                     : CN=*removed,OU=IT Administrators,OU=User Accounts,DC=IKDIST,DC=com
Identity                              : *removed
Guid                                  : 51ac5e99-75af-49f0-87e1-693cc8c142bd
ObjectCategory                        :*removed/Configuration/Schema/Person
ObjectClass                           : {top, person, organizationalPerson, user}
WhenChanged                           : 4/3/2009 3:14:40 PM
WhenCreated                           : 7/5/2007 11:23:01 AM

Here is the complete error as it was copied/pasted from his OWA account:

You do not have permission to perform this action.

Copy error details to clipboard

Show details

Request
Url: http://*removed:80/owa/forms/premium/MessageView.aspx?ae=Folder&t=IPF.Note&a=
User host address: 10.110.108.15
User: Larry Loudon
EX Address: /o=IK Dist/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=*removed
SMTP Address: *removed
OWA version: 8.0.752.0
Mailbox server: *removed

Exception
Exception type: Microsoft.Exchange.Data.Storage.AccessDeniedException
Exception message: Failed to get properties.

Call stack
Microsoft.Exchange.Data.Storage.MapiPropertyBag.GetProperties(IList`1 propertyDefinitions)
Microsoft.Exchange.Data.Storage.StoreObjectPropertyBag.InternalLoad(PropertyDefinition[] properties, Boolean forceReload)
Microsoft.Exchange.Data.Storage.StoreObjectPropertyBag..ctor(StoreSession session, MapiProp mapiProp, Origin origin, PropertyDefinition[] autoloadProperties, Boolean canSaveOrDisposeMapiProp)
Microsoft.Exchange.Data.Storage.StoreObjectPropertyBag..ctor(StoreSession session, MapiProp mapiProp, Origin origin, PropertyDefinition[] autoloadProperties)
Microsoft.Exchange.Data.Storage.Item.InternalBindItem(StoreSession session, StoreObjectId itemId, Byte[] changeKey, ItemBindOption itemBindOption, PropertyDefinition[] allPropsToLoad)
Microsoft.Exchange.Data.Storage.Item.InternalBind[T](StoreSession session, StoreId id, ItemBindOption itemBindOption, PropertyDefinition[] allPropsToLoad)
Microsoft.Exchange.Data.Storage.Item.InternalBind[T](StoreSession session, StoreId id, PropertyDefinition[] allPropsToLoad)
Microsoft.Exchange.InfoWorker.Common.OOF.ReplyTemplate.Find(MailboxSession session, OOFReply ruleAction)
Microsoft.Exchange.InfoWorker.Common.OOF.LegacyUserOofSettings.GetLegacyOofRule(MailboxSession itemStore, MapiStore mapiStore)
Microsoft.Exchange.InfoWorker.Common.OOF.LegacyUserOofSettings.GetLegacyUserOofSettings(MailboxSession itemStore)
Microsoft.Exchange.InfoWorker.Common.OOF.UserOofSettingsStorage.CreateDefaultUserOofSettings(MailboxSession itemStore)
Microsoft.Exchange.InfoWorker.Common.OOF.UserOofSettingsStorage.LoadUserOofSettings(MailboxSession itemStore)
Microsoft.Exchange.Clients.Owa.Premium.MessageView.get_UserOofSettings()
Microsoft.Exchange.Clients.Owa.Premium.MessageView.ShouldShowOofDialog()
ASP.forms_premium_messageview_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
System.Web.UI.Page.Render(HtmlTextWriter writer)
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Inner Exception
Exception type: Microsoft.Mapi.MapiExceptionNoAccess
Exception message: MapiExceptionNoAccess: Unable to get properties on object. (hr=0x80070005, ec=-2147024891) Diagnostic context: Lid: 18969 EcDoRpcExt2 called [length=465] Lid: 27161 EcDoRpcExt2 returned [ec=0x0][length=358][latency=0] Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropOpenMessage [3] Lid: 17082 ROP Error: 0x80070005 Lid: 26977 Lid: 21921 StoreEc: 0x80070005 Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 26426 ROP: ropOpenMessage [3] Lid: 14164 StoreEc: 0xFFFFFA1D PropTag: 0x672D0003 Lid: 8660 StoreEc: 0x8004010F PropTag: 0x672D0003 Lid: 23921 StoreEc: 0x3EC Lid: 21970 StoreEc: 0x8004010F PropTag: 0x668F0040 Lid: 14164 StoreEc: 0xFFFFFA1D PropTag: 0x672D0003 Lid: 8660 StoreEc: 0x8004010F PropTag: 0x672D0003 Lid: 21970 StoreEc: 0x8004010F PropTag: 0x672D0003 Lid: 23921 StoreEc: 0x3EC Lid: 21970 StoreEc: 0x8004010F PropTag: 0x672F0014 Lid: 21970 StoreEc: 0x8004010F PropTag: 0x3FE00102 Lid: 6244 StoreEc: 0x80070005 Lid: 5884 StoreEc: 0x80070005 Lid: 6527 StoreEc: 0x80070005 Lid: 6244 StoreEc: 0x80070005 Lid: 5884 StoreEc: 0x80070005 Lid: 6527 StoreEc: 0x80070005 Lid: 6719 StoreEc: 0x80070005 Lid: 7007 StoreEc: 0x80070005 Lid: 10786 dwParam: 0x0 Msg: IKEXCH1 Lid: 1750 ---- Remote Context End ---- Lid: 27962 ROP: ropGetPropsSpecific [7] Lid: 17082 ROP Error: 0x4B9 Lid: 26465 Lid: 21921 StoreEc: 0x4B9 Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 26426 ROP: ropGetPropsSpecific [7] Lid: 10786 dwParam: 0x0 Msg: IKEXCH1 Lid: 1750 ---- Remote Context End ---- Lid: 26849 Lid: 21817 ROP Failure: 0x4B9 Lid: 20385 Lid: 28577 StoreEc: 0x80070005 Lid: 32001 Lid: 29953 StoreEc: 0x80070005

Call stack
Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Object objLastErrorInfo)
Microsoft.Mapi.MapiProp.GetProps(PropTag[] propTagsRequested)
Microsoft.Exchange.Data.Storage.MapiPropertyBag.GetProperties(IList`1 propertyDefinitions

Any ideas on what the problem might be? If anyone needs more information let me know.

Post #: 1

Featured Links*

RE: You do not have permission to perform this action o... - 6.Apr.2009 9:43:53 AM

bej

Posts: 705
Joined: 3.May2005
From: Sweden
Status: offline

You can try this:

1. To use Active Directory Users and Computers to set permissions for users and organizational units

Open the Active Directory Users and Computers snap-in.
On the View menu, click Advanced Features.
Open the properties of a user who cannot log on to Outlook Web Access.
Click the Security tab, and then click Advanced.
Select the Allow inheritable permissions check box if it has not already been selected.
Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.
Allow time for replication to occur.

2. To use Active Directory Users and Computers to set permissions for the top-level container

Open the Active Directory Users and Computers snap-in.
On the View menu, click Advanced Features.
Open the properties of the top-level container in the domain of the users who cannot log on.
Click the Security tab.
Verify that the Exchange Servers group appears in the Group or user names list. Add this group if it does not appear in the list. You do not have to set permissions for the Exchange Servers

_____________________________

Bengt Jonsson
MCSE:MESSAGING
MCITP Enterprise Messaging Administrator

(in reply to jhinkle)

Post #: 2

RE: You do not have permission to perform this action o... - 6.Apr.2009 10:24:11 AM

jhinkle

Posts: 18
Joined: 18.Mar.2009
Status: offline

bej,

I tried your suggestion and it is still giving him the error in his Inbox in OWA. I can see the train of thought you were going with this. Is there anywhere else that I can set permission settings for his Inbox? I've tried viewing the issue as an IIS permission issue but after going over it I don't see why that would be a problem. Now trying to edit permissions for AD hasn't had any effect and I don't see anything else in AD that could/would need changed. I would think that the problem would be with something in his Mailbox on the Exchange server but I don't see anything that I can modify for these kinds of settings.

(in reply to bej)

Post #: 3

RE: You do not have permission to perform this action o... - 6.Apr.2009 11:08:09 AM

jhinkle

Posts: 18
Joined: 18.Mar.2009
Status: offline

I found another oddity to this whole mess. If I open up OWA for this user his Inbox gives him the error message above. If I click options, then click 'Out Of Office Assistant' it gives me the exact same error message. After going through the entire site for this user these are the only two places that I recieve this error. Once I get the error from the out of office option his inbox will start working again until I log out and log back in. So I can get it to work but only if I get the error from clicking Out of Office Assistant in the options. How are these two portions of the site linked together? and why is it only these two that are affected? As far as configurations are concerned what would I have to modify to get this up and running properly?

(in reply to jhinkle)

Post #: 4