none
Send As Issus after cross forest migration

    Question

  • HI All,

       Look like No MS expert have the answer to this issue.... I have a shared mailbox called  "Helpdesk"  add all the helpdesk users to Security group called "Helpdeskmailboxaccess" 

      EMC- Add full permission to "Helpdeskmailboxaccess" and SEND AS for "Helpdeskmailboxaccess"

    But users try to send FROM : helpdesk@mycomp.com  got the NDR

    Only works if i select from GAL not from the autocomplete. ( Not a solution)

    no users or group belong to protective groups

    remove re add the send as in AD no effect.

    check the permision from cmdlet -all ok.

    So user got the issues sending from?

    Any one got the answer?

    AS

     

    Friday, June 22, 2012 11:04 AM

All replies

  • Hi,

    Could you please post the NDR - it might tell us whats wrong.

    Leif

    Friday, June 22, 2012 11:08 AM
  • Yes please post the NDR message. Also try deleting the address from the Outlook NIC cache and then try again. Maybe a legacydn issue somehow?

    Chris Morgan

    Friday, June 22, 2012 6:06 PM
  • Delivery has failed to these recipients or groups:

    user@domain.com
    You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

    Diagnostic information for administrators:

    Generating server:

    user@domain.com
    #MSEXCH:MSExchangeIS:/DC=com/DC=domain:EXGORGEXG01[578:0x000004DC:0x0000001D] #SMTP#

    As i sain Its works only Open from GAL.

    Monday, June 25, 2012 1:50 AM
  • Hi,

    Since this issue not occur when you choose from GAL, I think permission you sat on "Helpdesk" is right.

    I suggest you use OWA, manually input the email address (helpdesk@mycomp.com) to have a try.

    If this issue not occur when you test in OWA, go to remove autocomplete in Outlook, then input the email address (check name for it) to have a try.

    Delete a name from the Auto-Complete list
    http://office.microsoft.com/en-us/outlook-help/delete-a-name-from-the-auto-complete-list-HA010355568.aspx

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Evan Liu

    TechNet Community Support

    Monday, June 25, 2012 5:27 AM
    Moderator
  • user@domain.com
    #MSEXCH:MSExchangeIS:/DC=com/DC=domain:EXGORGEXG01[578:0x000004DC:0x0000001D] #SMTP#

    As i sain Its works only Open from GAL.


    Appears by using the Outlook NIC cache it's grabbing the incorrect information, specifically the Exchange Legacy DN. As Evan and I stated, deleting that cache should clear up the problem. To resolve the issue globally you would have to add the old Exchange Legacy DN as an additionaly X500 address to their prospective accounts. Then you would not have an Outlook nickname cache issue as they would be able to resolve those addresses in the new forest.

    Chris Morgan

    • Proposed as answer by Chris Morgan - Thursday, June 28, 2012 11:55 AM
    Tuesday, June 26, 2012 12:34 PM
  • Hello,

    Any updates on this issue?

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Evan Liu

    TechNet Community Support

    Wednesday, June 27, 2012 9:31 AM
    Moderator
  • HI Evan,

      I can send from OWA and select from the GAL. Also clearing  Auto-Complete list/ NK2 didn't help.

      But Chris point the issue. We have migrated from Source Domain to Target domain and add the x500 address.

      So how do i add the secondary and will course any issues?

     also found that outside users also get the NDR sending to the email that they sending before?but i can send new email from my gmail no problem?

    Look like finding source email address? So how do i fix this issue?

    ======================================

     NDR

    Diagnostic information for administrators:
    Generating server: <http://ex04.source.com> ex04.source.comhttp://ex04.source.com

    mailto:rnows@target.com>
    #< #4.4.7 smtp;550 4.4.7 QUEUE.Expired; message expired> #SMTP#

     

     

    Thursday, June 28, 2012 5:26 AM
  • HI,

     I just found the X500 address but it got source domain details?

    also found this

    http://blog.scottlowe.org/2007/02/15/preserving-nickname-cache-in-exchange-migrations/

    AS


    • Edited by AUSSUPPORT Thursday, June 28, 2012 6:02 AM
    Thursday, June 28, 2012 5:29 AM
  • You mean when users reply to the old emails, they will get NDR, right?

    If so, you can just add the x500 address on your mailbox.

    Cannot Reply To Old Emails Or Modify Old Calendar Items After PST Mail Migration
    http://blogs.technet.com/b/sbs/archive/2009/05/21/cannot-reply-to-old-emails-or-modify-old-calendar-items-after-pst-mail-migration.aspx

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Evan Liu

    TechNet Community Support

    • Proposed as answer by Chris Morgan - Thursday, June 28, 2012 11:55 AM
    Thursday, June 28, 2012 9:56 AM
    Moderator
  • HI Evan,

         As per above Post i have two Issues

       1. Cannot SEND AS

                 NO Answer to this yet

       2. Outside get NDR

              As per above i have checked the user x500 and it's set to Source domain LegacyDn Value  ( Use Prepare-MoveRequest.p1)

             

    How do i fix these two issues?

    AS

           

      

      

    Friday, June 29, 2012 12:31 AM
  • HI All,

     Is there any exchange expert to help me?

    AS

     

    Monday, July 02, 2012 10:52 PM
  • Sorry for late reply, I didn't receive your old post.

    1. Cannot SEND AS

    I saw you said that "Only works if I select from GAL not from the autocomplete".

    If you can select from GAL to send as, I think the send as permission is working, if I misunderstand on you, please correct me.

    2. Outside get NDR

    If you mean external users get NDR, when they reply old emails, I think this is normal, because when they send emails external, it will use old smtp address not x500 address, so add x500 address cannot help for external users, it only can help users reply old emails internally.

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

     


    Evan Liu

    TechNet Community Support

    Tuesday, July 03, 2012 1:39 AM
    Moderator
  • Any updates on this issue?

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Evan Liu

    TechNet Community Support

    Thursday, July 05, 2012 10:01 AM
    Moderator
  • The Send AS issue was the one I was referring to as being the x500 address issue. Are you saying if you add the source legacy DN as an x500 address to the target user accounts that send as of those users still doesn't work? If it doesn't I would clear the NIC cache and allow it to automatically pull from the GAL again when typing in the name. The automatic population can be a bit slow in Outlook but it does work. Once the user has done it once the cache is updated and it will be instantaneous moving forward.

    If users outside are getting NDRs then I have to ask if you switched your MX records to point to the new infrastructure? If you are co-existing between the two then you need to have a setup that allows forwarding of the migrated users to the new infrastructure which would require an internal only dns namespace used for the forwarding. x500 addresses aren't used by external users. they simply use SMTP which means something is wrong with your SMTP routing if you are getting NDRs.


    Chris Morgan

    Thursday, July 05, 2012 12:40 PM
  • HI Chris,

    As per 

    " Are you saying if you add the source legacy DN as an x500 address to the target user accounts that send as of those users still doesn't work? " NO

    Now almost 1 month and still need to select from the GAL.

    "If users outside are getting NDRs then I have to ask if you switched your MX records to point to the new infrastructure?"

    Yes and create the Internal DNS. Outside can send, if they type the new email address. ( Not picking the autofill)

    Is there a way to troublshoot this?

    AS

     

    Tuesday, July 10, 2012 5:06 AM
  • Can you please repost both NDR messages and identify which one the internal user is getting and which the external user is getting?

    Chris Morgan

    Tuesday, July 10, 2012 12:09 PM
  • Hi Chris,

    You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

     

    Diagnostic information for administrators:

     Generating server:

     /O=xxx ORGANISATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=xx xxmuir41d #MSEXCH:MSExchangeIS:/DC=au/DC=com/DC=xx:xxENEXG01[578:0x000004DC:0x0000001D] #EX#

    This is internal and still got the issue?

    Friday, October 26, 2012 5:20 AM
  • There's no more information in the NDR except whats above? without looking at the user accounts or more information in the message to go on I am not sure I can be much more help. But if it's the NIC cache causing the problem I am sure what the hesitation is remove the entry from the NIC cache or clear the entire NIC cache. This will force the use of the GAL next time they go to send to a user. Which will rebuild the NIC cache. method to do that can be found here:

    http://support.microsoft.com/kb/287623


    Chris Morgan

    Friday, October 26, 2012 11:39 AM
  • I don't think you're running into the typical missing x500 hundred address, otherwise the NDR would mention that. Also since you're still having to add it from the GAL every single time. How did you do the cross forest migration? Did you do a cross forest mailbox move or export\import pst method? If you did a cross forest mailbox move, it's possible that some mailbox attributes did not merge with the target account. I've seen some funny issues with this occurs where mail would not arrive to the mailbox with no NDR but account could receive. If you're still experiencing the problem, disable the mailbox and than re-connect it again. Make sure you document the settings of the mailbox just in case, all your proxy addresses, legacy, x500 etc.

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Friday, October 26, 2012 5:17 PM
  • do this and let me know how does it go..........

    IN EMS

    1. Update-Globaladdresslist "Default Global address list"

    2. Update-OfflineAddressBook "Default Offline address book"

    Restart the services mentioned below on all exchange servers

    1. Microsoft Exchange File Distribution

    2. BITS 

    Download OAB in Outlook and check


    Regards, Prabhat Nigam XHG and AD Architect and DR Expert Website: msexchangeguru.com VBC: https://www.mcpvirtualbusinesscard.com/VBCServer/wizkid/card

    Saturday, October 27, 2012 5:42 AM