Microsoft KB Archive/940846

= Error message when an account tries to open a mailbox by using Outlook Web Access or Exchange Web Services in Exchange Server 2007: &quot;You do not have permissions to open this mailbox&quot; =

Article ID: 940846

Article Last Modified on 10/17/2007

-

APPLIES TO


 * Microsoft Exchange Server 2007 Standard Edition
 * Microsoft Exchange Server 2007 Enterprise Edition

-



SYMPTOMS
Consider the following scenario. You grant “Receive as” permissions to a specified Microsoft Exchange Server 2007 account in an Exchange Server 2007 organization, storage group, store, or server. To do this, you use the Add-ADPermission cmdlet or the Active Directory Service Interfaces (ADSI) edit tool.

Then, the specified account tries to open another mailbox by using Microsoft Office Outlook Web Access or Microsoft Exchange Server 2007 Web Services.

In this scenario, the specified account receives the following error message:

You do not have permissions to open this Mailbox. Contact Exchange Administrator for more information.



CAUSE
This problem occurs because only the mailbox security descriptor is verified when the underlying components are shared by Outlook Web Access and by Exchange Web Services.

If permissions were granted to server-level objects, the permissions are not merged with the mailbox security descriptor. This condition occurs when the access verification is denied in Outlook Web Access and in Exchange Web Services.



WORKAROUND
To work around this problem, use one of the following methods:
 * Use impersonation in Exchange Web Services to access other accounts.
 * Grant mailbox permissions on the existing mailboxes by using the Add-MailboxPermission cmdlet or by using the Active Directory Users and Computers snap-in.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
This issue does not affect the Outlook client or the development of APIs such as MAPI, CDO, or WebDAV. The specified account can successfully access another mailbox by using Outlook, MAPI, CDO, or WebDAV.

The specified account receives the error message that is mentioned in the &quot;Symptoms&quot; section only when you use Outlook Web Access or Exchange Web Services to access other mailboxes.

For more information, visit the following Microsoft Web sites:

http://msdn2.microsoft.com/en-us/library/bb204088.aspx

http://technet.microsoft.com/en-us/library/bb124403.aspx

http://technet.microsoft.com/en-us/library/bb124097.aspx

Additional query words: OWA EWS

Keywords: kbtshoot kbprb kbexpertiseinter KB940846

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.