Dec 20 2018 11:47 AM
Hi,
Last week we're started to get "The account does not have permission to impersonate the requested user' error on the customer accounts that were working perfectly up to last week.
When, for example customer with 100 accounts that impersonated by 1 service account, we see each day errors for different impersonated accounts.
Talking with support on behalf of the customer didn't provided any help. Their answers as usual.
While doing more research we're found that if doing 2 accounts impersonating in parallel (even from different servers) we get this error, and when doing 2 or even more accounts impersonating serial, everything is working fine.
I'm afraid that MS has a bug in their permissions checking mechanism while trying to impersonate more than 1 account in parallel.
MS Exchange engineers, can you please check this ? Your customer supports is lacks of willing to assist.
Thanks
Dec 27 2018 02:02 AM
Dec 27 2018 03:01 AM
Well, if 2 accounts in parallel is hitting the limit :) than it's very sad.
There's a ticket within MS Support, but seems to be totally useless.
Apr 25 2019 06:38 AM - edited Apr 26 2019 12:56 AM
@SlavaGDid you ever find out why this happend or even resolved this? Currently we have the same problem for one customer using O365 Exchange, but we've got no clue why some users can be impersonated and some cannot. There are no management scopes set limiting the impersonated users on the impersonation role.
Jun 03 2019 05:13 AM
@alex3683 Hi,
Jun 03 2019 05:47 AM
@alex3683 We had exactly the same problem. The solution was to use the X-AnchorMailbox header. More information is here:
"When EWS Impersonation is used the X-AnchorMailbox always should be correctly set. Without doing so you may get 500 or 503 errors at times. It is critical for performance and also for notifications with Exchange Online/Exchange 2013. Not setting it can double or more the time it takes to complete the call. In some cases you can also get timeouts. The rule is to always set this header when using impersonation - this will make your EWS Impersonated code from Exchange 2007 work better with Exchange 2013."
Jun 03 2019 06:29 AM
@stevereinhold @SlavaG Thanks for your replies. I'll try your solutions and let you (and further visitors) know if that worked out.
Jun 04 2019 01:21 AM
@stevereinhold @SlavaG Thank you both for your help. In the end it was really the missing X-AnchorMailbox header that resolved the issue for us. A pity that this isn't set by default in the EWS API when using impersonation with an email address.