Mar 22 2022 01:17 AM
Hello,
I read the MS docs Add-MailboxPermission docs (https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps) and the User parameter accepts security groups too.
I run the following command:
Add-MailboxPermission -User xch_full-access (this is the group) -Identity $mbox -AccessRights fullaccess -AutoMapping $false -ErrorAction stop
It goes okay, still if I go to OWA, and trying to open up the mailbox I get access denied. If i check the ECP panel, I can see at the mailbox delegation section at full access the added group.
What am I missing, or what am I doing wrong?
according to this topic this is not possible: https://community.spiceworks.com/topic/2162187-how-do-i-give-members-of-a-security-group-access-to-a...
X-OWA-Error Microsoft.Exchange.Clients.Owa2.Server.Core.OwaExplicitLogonException X-OWA-Version 15.1.2308.20 InnerException: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Mar 22 2022 05:04 AM
Mar 23 2022 12:10 AM
Mar 23 2022 11:10 PM
Mar 23 2022 11:56 PM
@Deleted
this is the get mailboxpermission with format list
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : True
InheritanceType : All
User : domainName\delegate user
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : False
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : False
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : False
InheritanceType : All
User : domainName\xch_full-access-1-1356144182
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : False
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : True
InheritanceType : All
User : domainName\Tartománygazdák (<-- maybe "domain owners" not sure how to translate, it is a built in group)
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : True
InheritanceType : All
User : domainName\Vállalati rendszergazdák (<-- maybe "domain administrators" not sure how to translate, it is a built in group)
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : True
InheritanceType : All
User : domainName\delegate user
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : True
InheritanceType : All
User : domainName\Organization Management
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SYSTEM
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\HÁLÓZATI SZOLGÁLTATÁS (<-- network service)
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : domainName\Tartománygazdák (<-- maybe "domain owners" not sure how to translate, it is a built in group)
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : domainName\Vállalati rendszergazdák (<-- maybe "domain administrators" not sure how to translate, it is a built in group)
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : domainName\delegate user
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : domainName\Organization Management
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {ReadPermission}
Deny : False
InheritanceType : All
User : domainName\Public Folder Management
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {ReadPermission}
Deny : False
InheritanceType : All
User : domainName\Delegated Setup
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : domainName\Exchange Servers
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : domainName\Exchange Trusted Subsystem
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
RunspaceId : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights : {ReadPermission}
Deny : False
InheritanceType : All
User : domainName\Managed Availability Servers
Identity : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited : True
IsValid : True
ObjectState : Unchanged
The get-casmailbox owa enabled property is set to true
Mar 24 2022 01:52 AM
Mar 24 2022 04:56 AM
Mar 24 2022 07:20 AM - edited Mar 24 2022 08:04 AM
Ok, I missed that. Sorry. What about granting full access to a single user account. Does this work?
I'm still wondering if all rights are set correctly. But while searching the web I saw some similar cases which pointed in the direction of a corrupt database. Maybe this happened to you, either.
Mar 24 2022 07:35 AM
Mar 24 2022 08:19 AM
Mar 24 2022 08:44 AM - edited Mar 24 2022 08:47 AM
You probably will create a new database, move all mailboxes to the new one and see, if this fixes the issue. A mailbox move often solves issues.
I personally wouldn't use ESEutil and Isinteg without Microsoft support. Most of the checks and finally a repair can't be run against an online database. So if you can't move mailboxes to another DB you will have downtime. Depending on your hardware it could be a short or longer one.
First read these two articles and then stick to the Microsoft documentation.
https://www.stellarinfo.com/blog/microsoft-exchange-data-storage-connection-failedtransientexception...
https://www.stellarinfo.com/blog/exchange-2013-2016-database-repair-eseutil-or-isinteg/
But first of all wait for some more hints. Maybe the "corrupt database" thing points into a totally wrong direction.
Mar 25 2022 02:00 AM
Mar 28 2022 04:13 AM
Mar 29 2022 08:00 AM
Mar 29 2022 08:17 AM
@brogyi Be sure having a working backup. 😉 I‘m keen on hearing from you after finishing your work.
Apr 01 2022 12:24 AM
Apr 06 2022 11:04 PM
Apr 06 2022 11:46 PM
Apr 08 2022 07:38 AM