none
Cannot open your default e-mail folders. You do not have permission to log on.

    Question

  • I'm very new to Exchange 2010 and am trying to figure out what is going one with on user.  When opening outlook he gets:

    Cannot open your default e-mail folders.  You do not have permission to log on.

    When I run:  Get-MailboxPermission -id dr** |FL

    I get:

    RunspaceId      : dfc24400-6382-4436-b977-c27dfe4858aa
    AccessRights    : {ReadPermission}
    Deny            : True
    InheritanceType : All
    User            : Everyone
    Identity        : domain.net/ITMgmt/Drd**
    IsInherited     : False
    IsValid         : True

    RunspaceId      : dfc24400-6382-4436-b977-c27dfe4858aa
    AccessRights    : {FullAccess, ReadPermission}
    Deny            : True
    InheritanceType : All
    User            : domain\Domain Admins
    Identity        : domain.net/ITMgmt/Dr**
    IsInherited     : False
    IsValid         : True

    <<More permissions below>>

    When I run the same on my account, I do not get the Deny:True listings.

    I've seen several sites that indicate changing the Deny:True to Deny:False, but I'm having issues finding the right script to use.

    Thanks in advance,

    Dave

    Friday, November 02, 2012 7:35 PM

Answers

  • In the end, I ended up exporting all mail to a PST file, disabling the users mailbox (which deletes the contents, creating a new mailbox and then waiting a bit for the user synch up.  I'm real happy that only one user had this issue.

    Thanks for the assistance.

    Wednesday, November 07, 2012 4:41 PM

All replies

  • Can you provide more information.

    Has the user ever been able to logon successfully before? 

    Can the user login through OWA?

    Is MAPI enabled for this user?

    Friday, November 02, 2012 10:27 PM
  • Have you checked to see if autodiscover is working properly for the user?

    Here are some commands you might want to run

    Test-outlookwebservices -identity <user> (great for figuring out Autodiscover problems>

    Test-mapiconnectivity -identity <user> (tests to see if there are any problems connecting to the mailbox through mapi>

    Get-casmailbox <user> (make sure approprite protocols are enabled

    Also, is he connecting through a regular tcp connection or through outlook anywhere? Is the AD account he's logged in with also the one linked to the mailbox?

    Have you been able to run a "Test-emailautoconfiguration" from his outlook client? (To do so hold down CTRL and right click on the outlook icon in his systray)

    Saturday, November 03, 2012 12:17 AM
  • This error would also be generated if the mailbox in question is Quarantined. do you have Event ID: 10018 Logged in with the information as below on the event below:

    Description: The mailbox for user /o=AMERICAS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=test1 has been quarantined. Access to this mailbox will be restricted to administrative logons for the next 6 hours.

    Also Run the command below: Get-MailboxStatistics "Mailbox in Question" | Fl and check if you get any clue from the output.

    Alternatively you can refer to the links below:

    Quarantined mailboxes detected on Microsoft Exchange Server 2010

    Mailboxes on a database are Quarantined in an environment with System Center Operations Manager

    My mailbox is quarantined!!

    M.P.K ~ ( Exchange | 2003/2007/2010/E15(2013)) ~~ Please remember to click “Vote As Helpful" if it really helps and "Mark as Answer” if it answers your question, “Unmark as Answer” if a marked post does not actually answer your question. ~~ This Information is provided is "AS IS" and confers NO Rights!

    Sunday, November 04, 2012 11:30 AM
  • Hi ,

    Please check if you use a account logon domain, and access another account’s mailbox.

    If so, please try to the following resolution.

    Unable to open your default e-mail folders:

    http://support.microsoft.com/kb/244523/en-us


    Wendy Liu

    TechNet Community Support

    Monday, November 05, 2012 10:04 AM
    Moderator
  • This is a new migration from Windows 2003/Exch 2003 to Windows 2008/Exch 2010.  All users were moved from old to new and this is the only user that is not able to access email due to the message.  The user was able to access without issue, but access stopped late last week.  From client side, Outlook 2010 is being used throughout.

    Nothing different was done for any of the users during the migration.

    MAPI is enabled for this user.

    No one can login yet through OWA.  Both Exchange are still in service and the migration is not fully complete.

    User did state at one point he removed Use Cached Exchange Mode and wasn't able to get in after this.  We have removed local OST files and he has tried to access Exchange from another machine - didn't work.  I was able to access my account from his workstation with my log on.

    Monday, November 05, 2012 12:52 PM
  • This is a new migration from Windows 2003/Exch 2003 to Windows 2008/Exch 2010.  All users were moved from old to new and this is the only user that is not able to access email due to the message.  The user was able to access without issue, but access stopped late last week.  From client side, Outlook 2010 is being used throughout.

    Nothing different was done for any of the users during the migration.

    MAPI is enabled for this user.

    No one can login yet through OWA.  Both Exchange are still in service and the migration is not fully complete.

    User did state at one point he removed Use Cached Exchange Mode and wasn't able to get in after this.  We have removed local OST files and he has tried to access Exchange from another machine - didn't work.  I was able to access my account from his workstation with my log on.

    What do you mean that no one can login yet through OWA?
    Monday, November 05, 2012 12:57 PM
    Moderator
  • Test-outlookwebservices -identity <user> shows:

    [PS] C:\Windows\system32>Test-outlookwebservices -identity DR


    RunspaceId : a6d9ac5a-2801-421a-8ef3-cd7dc5e8aad8
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://DOMAIN
    EXCH.DOMAIN.net/Autodiscover/Autodiscover.xml.

    RunspaceId : a6d9ac5a-2801-421a-8ef3-cd7dc5e8aad8
    Id         : 1012
    Type       : Warning
    Message    : XML>Unknown Node:AlternativeMailbox AlternativeMailbox Line:http://schemas.microsoft.com/exchange/autodisc
                 over/outlook/responseschema/2006a

    RunspaceId : a6d9ac5a-2801-421a-8ef3-cd7dc5e8aad8
    Id         : 1012
    Type       : Warning
    Message    : XML>Object being deserialized: Microsoft.Exchange.Management.SystemConfigurationTasks.AutoDiscoverAccount

    RunspaceId : a6d9ac5a-2801-421a-8ef3-cd7dc5e8aad8
    Id         : 1012
    Type       : Warning
    Message    : XML>Element

    RunspaceId : a6d9ac5a-2801-421a-8ef3-cd7dc5e8aad8
    Id         : 1012
    Type       : Warning
    Message    : XML>Unknown Element:System.Xml.XmlElement Line:56(7) <Type xmlns="http://schemas.microsoft.com/exchange/au
                 todiscover/outlook/responseschema/2006a">Delegate</Type><DisplayName xmlns="http://schemas.microsoft.com/e
                 xchange/autodiscover/outlook/responseschema/2006a">DR</DisplayName><LegacyDN xmlns="http://schemas
                 .microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">/o=DOMAIN/ou=First Administrative Group/c
                 n=Recipients/cn=DR</LegacyDN><Server xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook
                 /responseschema/2006a">DOMAINEXCH.DOMAIN.net</Server>

    >>  The remainder of the listings are "Information" and I can provide that if needed.

    Test-mapiconnectivity -identity <user> is Successful.

    Get-casmailbox <user> returns with all True.

    Just connecting through TCP.  Each user has one mailbox associated with their account.

    I have not done Test-emailautoconfiguration from his outlook client.  I will have him do that.

    Thank you.


    Monday, November 05, 2012 1:01 PM
  • Everything looks as it should running Get-MailboxStatistics...  Though I do see:

    LastLoggedOnUserAccount : SRTG\besadmin
    LastLogoffTime          : 11/2/2012 1:35:47 PM
    LastLogonTime           : 11/2/2012 1:30:42 PM

    That's not his user, obviously.  Blackberry continues to work for him.  Using BES Express 5.x.

    And then:

    IsQuarantined           : False
    IsArchiveMailbox        : False

    Thank you.

    Monday, November 05, 2012 1:05 PM
  • Does the mailbox show up as a User, shared , linked or legacy Mailbox? ( Get-mailbox)

    Monday, November 05, 2012 1:08 PM
    Moderator
  • IE simply shows:  Internet Explorer cannot display the webpage.

    Going through Chrome I get:  The webpage has a redirect loop.

    If I recall, I first found it wasn't working and was giving permissions issues, which I believed to be web services not correctly configured as I had done nothing with them.

    Monday, November 05, 2012 1:16 PM
  • Name, Alias, Address and OU show up correctly.  Recipient Type Details reads "User mailbox"
    Monday, November 05, 2012 1:17 PM
  • Have you been able to run a "Test-emailautoconfiguration" from his outlook client? (To do so hold down CTRL and right click on the outlook icon in his systray)

    Thinking about this, this can't be done.  He can't get Outlook to open to do this test...

    Thanks

    Monday, November 05, 2012 1:32 PM
  • In the end, I ended up exporting all mail to a PST file, disabling the users mailbox (which deletes the contents, creating a new mailbox and then waiting a bit for the user synch up.  I'm real happy that only one user had this issue.

    Thanks for the assistance.

    Wednesday, November 07, 2012 4:41 PM