Can't delegate/share to a group

From: JoeM (labyzs302_at_NOsneakSPAMemail.com)
Date: 08/27/04 

Date: Fri, 27 Aug 2004 18:54:23 GMT

I am running Exchange 2000 SP3 on SBS 2000 on a network with one server box.
When I try to add a distribution group delegate to a mailbox through Outlook
2002 on a Windows XP SP1 machine, it fails with no message. I can add the
group, but it always set the permissions to none.

When I try to share a folder to a group I get the error "The modified
permissions could not be saved. The client operation failed".

I can delegate and share to users.

I am guessing its either some permissions problem or an Exchange corruption,
but I am not making any headway. I have not been able to find anything very
helpful in the NGs or via Goggle searches. Help!

When I first encountered the problem, E2k was running in mixed mode
(default, not brains). I found that this should only work in native mode. I
switched Exchange to native mode via the properties page. I saw no complaint
on screen or in logs when I switched. I restarted the whole server for good
measure. Exchange's General Properties now shows Native mode, but the two
administrative views options can be checked. I thought the "Display
administrative groups" option was supposed to be grayed out. The
distribution groups existed prior to the mode switch.

Dithered Security Log entries follow. This attempt was from a workstation
outside the domain logged in to the SpamBox mailbox over a VPN. The behavior
is similar when the delegation is attempted from a workstation in the
domain.

Thanks,

Joe M

--------

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 8/27/2004
Time: 9:43:29 AM
User: SMITHINVESTMENT\SpamBox
Computer: SMITH-SBS
Description:
Successful Network Logon:
  User Name: SpamBox
  Domain: SMITHINVESTMENT
  Logon ID: (0x0,0x9E1416)
  Logon Type: 3
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Workstation Name: MYBOX

--------

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 565
Date: 8/27/2004
Time: 9:43:29 AM
User: SMITHINVESTMENT\SpamBox
Computer: SMITH-SBS
Description:
Object Open:
  Object Server: Microsoft Exchange
  Object Type: Microsoft Exchange Logon
  Object Name: /o=SMITHINVESTMENT/ou=first administrative
group/cn=Recipients/cn=SpamBox
  New Handle ID: -
  Operation ID: {0,10359850}
  Process ID: 4384
  Primary User Name: SMITH-SBS$
  Primary Domain: SMITHINVESTMENT
  Primary Logon ID: (0x0,0x3E7)
  Client User Name: SpamBox
  Client Domain: SMITHINVESTMENT
  Client Logon ID: (0x0,0x9D55A4)
  Accesses Unknown specific access (bit 8)

  Privileges -

 Properties:
Unknown specific access (bit 2)
Unknown specific access (bit 3)
Unknown specific access (bit 4)
  Send As

--------

Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 8/27/2004
Time: 9:45:02 AM
User: SMITHINVESTMENT\SpamBox
Computer: SMITH-SBS
Description:
Object Open:
  Object Server: DS
  Object Type: user
  Object Name: CN=SpamBox,CN=Users,DC=smithinvestments,DC=local
  New Handle ID: -
  Operation ID: {0,10381668}
  Process ID: 292
  Primary User Name: SMITH-SBS$
  Primary Domain: SMITHINVESTMENT
  Primary Logon ID: (0x0,0x3E7)
  Client User Name: SpamBox
  Client Domain: SMITHINVESTMENT
  Client Logon ID: (0x0,0x9E138D)
  Accesses Write Property

  Privileges -

 Properties:
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
Delete Child
Read Property
Write Property
  Personal Information
WRITE_DAC
SYNCHRONIZE
   publicDelegates

Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 8/27/2004
Time: 9:45:02 AM
User: SMITHINVESTMENT\SpamBox
Computer: SMITH-SBS
Description:
Object Open:
  Object Server: DS
  Object Type: user
  Object Name: CN=SpamBox,CN=Users,DC=smithinvestments,DC=local
  New Handle ID: -
  Operation ID: {0,10381669}
  Process ID: 292
  Primary User Name: SMITH-SBS$
  Primary Domain: SMITHINVESTMENT
  Primary Logon ID: (0x0,0x3E7)
  Client User Name: SpamBox
  Client Domain: SMITHINVESTMENT
  Client Logon ID: (0x0,0x9E138D)
  Accesses Write Self

  Privileges -

 Properties:
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
Delete Child
Read Property
Write Property
  Personal Information
WRITE_DAC
SYNCHRONIZE
   publicDelegates

Relevant Pages

  • Re: exchange basics
    ... If you find users switching between client ... often pull the mail to a different store (as in POP3) and then wonder why it ... Exchange can inform and enforce quotas on mail storage. ... Server side rules? ...
    (microsoft.public.exchange.design)
  • Re: exchange basics
    ... If you find users switching between client ... > store, so you're right, it wouldn't be a big deal. ... >> -If messages can be stored on server instead of downloading, ... > Exchange can inform and enforce quotas on mail storage. ...
    (microsoft.public.exchange.design)
  • Cant delegate/share to a group
    ... I am running Exchange 2000 SP3 on SBS 2000 on a network with one server box. ... The client operation failed". ... Successful Network Logon: ...
    (microsoft.public.exchange2000.general)
  • Re: WM5, VPN via PPTP/MPPE, and direct connection to Exchange
    ... non-Microsoft VPN server, in order to access an Exchange Server on a private ... clients to Exchange via the VPN server, I have to select the the Outlook ... NOT synchronising with a client laptop. ...
    (microsoft.public.pocketpc.phone_edition)
  • Re: One user having messages stuck in Local Delivery
    ... so you won't have any effect to the client PCs. ... migration of the Exchange data, ... brand spanky new intel rackmount server which has only been sitting here ... tomorrow morning another mailbox or two will start failing. ...
    (microsoft.public.windows.server.sbs)