Exchange 2010: “You can’t send a message on behalf of this user unless you have permission to do so”

A user had “Send-As” permission on a shared mailbox, but couldn’t send e-mail as the shared mailbox. The user is doing it correctly (adding the shared mailbox name in the From field), but gets this bounced message:

You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

If the user tries OWA to send the e-mail as the shared mailbox, it may work. If it does, then it’s an Outlook issue.

Solution: Have the user update the offline address book (click the Send/Receive tab, click Send/Receive Groups and select Download Address Book). Better yet,

  1. Close Outlook
  2. Delete the offline address book folder under “C:\Users\username\AppData\Local\Microsoft\Outlook\Offline Address Books” (I assume it’s a Windows 7 computer; look under C:\documents and settings\username\…. for XP computers).
  3. Open Outlook and let it download new OAB.

Other possibilities are:

  • You just gave “Send-As” permission to the user. Then you have to wait a few hours. (You may restart the Information Store to make the permission take effect right away, but who wants to do that?)
  • The user’s Outlook has bad/outdated cached contact information. Search for *.NK* files under the user’s profile and delete them. Obviously, close Outlook before you delete the *.NK* files.
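
To confirm the server-side grant before blaming the client cache, the check below lists who holds Send-As and Send on Behalf on the shared mailbox. It is an added example, not from the original post; the mailbox and user names are placeholders.

```powershell
# Added example. 'SharedMailbox' and 'CONTOSO\jdoe' are placeholder names.
$mailbox = 'SharedMailbox'
$user    = 'CONTOSO\jdoe'

# Send-As is an Active Directory extended right on the mailbox's AD object.
# List every Allow entry, skipping the mailbox's own SELF entry.
$sendAs = Get-Mailbox -Identity $mailbox |
    Get-ADPermission |
    Where-Object {
        $_.ExtendedRights -like '*Send-As*' -and
        -not $_.Deny -and
        $_.User -notlike 'NT AUTHORITY\SELF'
    }
$sendAs | Format-Table User, ExtendedRights, IsInherited -AutoSize

# Send on Behalf is a separate grant stored on the mailbox itself.
$onBehalf = (Get-Mailbox -Identity $mailbox).GrantSendOnBehalfTo
$onBehalf | ForEach-Object { "Send on Behalf: $_" }

# Report whether the user holds Send-As directly. A grant made through a
# group shows the group name in the table above instead.
if ($sendAs | Where-Object { $_.User -like $user }) {
    "$user has a direct Send-As entry on $mailbox"
} else {
    "$user has no direct Send-As entry on $mailbox; check the group entries above"
}
```

Running the same listing periodically also shows which accounts can send as the shared mailbox, so stale grants can be removed.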

If it helped you, drop a reply to this blog.

Exchange 2010: winmail.dat attachment to internal applications

The application owner complained about e-mails with a winmail.dat attachment being sent to an application server through the Exchange server. They don’t want the application to receive this attachment because it causes issues.

Well, we Exchange admins know that frigging Outlook RTF messages send this winmail.dat attachment. Despite all the goodness of HTML-formatted messages, some users still love the RTF format. I had a user who tried to defend how RTF-formatted messages are better than others.

We can’t tell users NOT to send RTF-formatted e-mails to the application. But as Exchange admins we can control this from the server side. If you happen to use Exchange 2010, the job is very easy. Create a new Remote Domain with your application server address (same as the Send Connector’s SMTP domain) and disable RTF messages. This way the send connector will convert the mails to text mail.

1. Open the Exchange Management Console and go to Hub Transport under Organization Configuration.

2. On the Action pane, click New Remote Domain…


3. Create a new remote domain with your application servers domain name (e.g., means mails send to

4. Open the newly created remote domain’s properties, go to the Message Format tab and select Never use for Exchange rich-text format. Click OK to close.


Alternatively, you can run this PowerShell command in the Exchange Management Shell:

Set-RemoteDomain -TNEFEnabled $false -Identity 'RemoteDomainName'

That’s all. RTF e-mails should be converted to text format before they are sent to the application server. No more winmail.dat attachments.
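
The four console steps above can also be done entirely in the Exchange Management Shell. This is an added example, not from the original post; the remote domain name and SMTP domain are placeholders.

```powershell
# Added example. The display name and domain below are placeholders.
$name   = 'AppServer'
$domain = 'app.example.com'

# Steps 1-3: create the remote domain only if that SMTP domain is not defined yet.
$remote = Get-RemoteDomain | Where-Object { "$($_.DomainName)" -eq $domain }
if (-not $remote) {
    $remote = New-RemoteDomain -Name $name -DomainName $domain
}

# Step 4: "Never use" Exchange rich-text format (TNEF) for this domain.
Set-RemoteDomain -Identity $remote.Name -TNEFEnabled $false

# Verify. TNEFEnabled should read False for the application domain; the
# default domain (*) is left alone so other recipients are not affected.
Get-RemoteDomain | Format-Table Name, DomainName, TNEFEnabled -AutoSize
```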

SCCM: creating bootable USB disk for OS Deployment and ends with “Failed to create media (0x80070057)”

I couldn’t create a bootable USB disk to deploy an OS for some reason. As usual, the Microsoft error is useless; it doesn’t actually tell anything about the actual issue.

All I got was “Failed to create media”, and reading the logs didn’t lead anywhere.

Strangely these two things worked the magic.

1. Disabled Antivirus (frigging Symantec Endpoint Protection, I hate this stuff)

2. Disconnected all network drive mappings (run Net Use * /delete /y  in command prompt)

Bounced Meeting Request with “550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found”

Is an invisible delegate driving you nuts? Users will get a bounced message from the Exchange Server for a mysterious delegate, like the one below.

Subject: Undeliverable: <Subject Text>
Delivery has failed to these recipients or groups:
Jane Doe
The e-mail address you entered couldn’t be found. Check the address and try resending the message. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server:
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

The problem is that a delegate’s mailbox was deleted and/or the user account is disabled. The Exchange mailbox still has a “hidden SID” for the disabled/deleted delegate (in the current boss’s mailbox).

The solution is easy. You will have to use the Exchange Management Shell (PowerShell) to overwrite the existing delegates list with a new one.

I have seen on other forums that people are asking how to remove a disabled delegate. You can’t remove the invisible delegate. You can only overwrite the delegate list.

  1. Open Exchange Management Shell.
  2. Type Set-Mailbox -Identity "Mailbox Name" -GrantSendOnBehalfTo <Delegate User Names separated by comma>

In the command above, you have to list all active delegates’ user names separated by commas.

E.g., Set-Mailbox -Identity BossMan -GrantSendOnBehalfTo "ExecutiveAdmin1","ExecutiveAdmin2"

0X80040113 – Microsoft Exchange offline address book

When I enabled web-based OAB distribution, clients weren’t downloading the Offline Address Book at all. In fact, Outlook OAB sync was hanging halfway for a long time. In Outlook, the Sync Issues folder had this error message logged.

9:07:52 Error synchronizing folder
9:07:52                  [80040115-514-469-0]
9:07:52                  Network problems are preventing connection to Microsoft Exchange.
9:07:52                  Microsoft Exchange Information Store
9:07:52                  For more information on this failure, click the URL below:

9:07:52 Done
13:37:40 Microsoft Exchange offline address book
13:37:40         0X80040113

This issue started right after enabling the HTTP Redirect feature to redirect Exchange server URL ( to OWA URL (

When I tried to access the OAB URL (, I got a site not found (500) error. I was supposed to get an authentication box and the OAB.XML file. So users had lost permissions on the OAB site folder.

I checked the web.config file at C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB and saw that no one has permissions (except local admins).

So the SOLUTION is to give Authenticated Users READ permission on the C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB folder and its contents. That’s it. Problem solved.
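
The ACL check and the read-only grant described above, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the Client Access server and uses the folder path given in the post.

```powershell
# Added example. Path is the one given in the post; run from an elevated shell.
$oab  = 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB'
$read = [int][System.Security.AccessControl.FileSystemRights]::Read

# Return $true when Authenticated Users has an Allow entry covering Read.
function Test-AuthUsersRead([string]$Path) {
    $hit = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $read) -eq $read)
    }
    return [bool]$hit
}

# Check the folder and everything under it (web.config was the file found locked down).
$targets = @($oab) + @(Get-ChildItem -Path $oab -Recurse | ForEach-Object { $_.FullName })
$missing = @($targets | Where-Object { -not (Test-AuthUsersRead $_) })

if ($missing.Count -gt 0) {
    $missing | ForEach-Object { "No read access for Authenticated Users: $_" }
    # Grant Read only (no write or modify), inherited by files (OI) and
    # subfolders (CI), and applied to existing children (/T).
    icacls $oab /grant 'Authenticated Users:(OI)(CI)R' /T
} else {
    'Authenticated Users can already read the OAB folder and its contents.'
}
```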

Exchange 2010: List Database Size in Exchange Management Shell

The Get-MailboxDatabase cmdlet comes in handy to check all mailbox database sizes quickly. Help for this cmdlet is available here:

Here is the command; run it in the Exchange Management Shell.

Get-MailboxDatabase -Status | select ServerName,Name,DatabaseSize

I am trying to write a script to gather database sizes every week and save them in one CSV file. I would like to see how my databases are growing and take action accordingly. Let me know if anyone is interested in my script.

Exchange 2010: Unable to mount or switch over the database – Solution is here

If you are getting the following frigging dialog box while activating a database copy or switching over the DAG server, no worries. There is a simple solution.


To verify whether the content index catalog files have really failed, run the following command in the Exchange 2010 Management Shell. Note: the server name is the mailbox server that is hosting the passive database.

Get-MailboxDatabaseCopyStatus -Server <MBX Server Name> | FL Name,*Index*

You will see that ContentIndexState is Failed in the results of the above command. Also, the ContentIndexErrorMessage property will say “Catalog needs a reset for database <GUID>”.

The quick solution is:

  1. Restart the “Microsoft Exchange Search Indexer” service on the server hosting the active DAG database
  2. Run Update-MailboxDatabaseCopy -Identity <database name>\<Server name hosting passive db> -CatalogOnly

E.g., Update-MailboxDatabaseCopy -Identity DB1\MBXServer1 -CatalogOnly
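
The check and both fix steps can be combined so that only copies whose content index has actually failed are reseeded. This is an added example, not from the original post; the server names are placeholders, and MSExchangeSearch is the service name of the Microsoft Exchange Search Indexer.

```powershell
# Added example. Server names are placeholders; run in the Exchange Management Shell.
$activeServer  = 'MBXServer2'   # hosts the active database copy
$passiveServer = 'MBXServer1'   # hosts the passive copy you want to activate

# Step 1: restart the Microsoft Exchange Search Indexer service on the active server.
Get-Service -ComputerName $activeServer -Name MSExchangeSearch | Restart-Service

# Step 2: find copies on the passive server whose content index has failed.
$failed = Get-MailboxDatabaseCopyStatus -Server $passiveServer |
    Where-Object { $_.ContentIndexState -eq 'Failed' }

foreach ($copy in $failed) {
    "Reseeding catalog for $($copy.Name)"
    # Name is already in <database>\<server> form, e.g. DB1\MBXServer1.
    # -CatalogOnly reseeds the content index without touching the database copy.
    Update-MailboxDatabaseCopy -Identity $copy.Name -CatalogOnly
}

# Confirm that ContentIndexState no longer reads Failed.
Get-MailboxDatabaseCopyStatus -Server $passiveServer | Format-List Name, *Index*
```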

Now try activating a database copy on your server.


Exchange 2010: Group Owner doesn’t have owner permissions

In an Exchange 2010 organization, has a user complained that he or she can’t add/remove a member of a group they own? Are they getting this error message:

“Change to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object.”


You double-checked that the group ownership permission is correct. As an admin you are able to add/remove members, but the user is not.

When you, as an admin, try to open the group in the Exchange Management Console, you get this error message.

“Couldn’t find object “username”. Please make sure that it was spelled correctly or specify a different object. Reason: The recipient <username> isn’t the expected type.”


Check two possible solutions:

1. The issue is that a disabled mailbox is stuck in the group. I would recommend using the Exchange Management Shell to display the distribution group members (Get-DistributionGroupMember -Identity GroupName). If you get an error for any member(s), fix the member (remove the user, or find out why the user account is an issue).

2. Convert the group to a Universal Group if it isn’t one already.

One of the above fixed my issue.

Legacy Mailbox in Exchange 2010, Solvable Mystery.

Help desk guys brought me a problem with newly created mailboxes. They claimed new mailboxes were shown as “Legacy Mailbox” in the Exchange Management Console. What would be the implications?

Found an answer really quickly on the first page of a Bing search. MSKB 931747 says

This issue may occur if the following conditions are true:

  • The mailbox was created in the Active Directory Users and Computers snap-in on a server that was running Microsoft Exchange Server 2003.
  • The mailbox was moved to an Exchange Server 2007 server or an Exchange Server 2010 server.

The resolution in that MSKB says

To resolve this issue, correct the properties of the mailbox. To do this, use the Set-Mailbox command together with the ApplyMandatoryProperties parameter in the Exchange Management Shell.

I came up with the following PowerShell command to convert all Legacy mailboxes in the organization to normal Exchange user mailboxes.

Get-Mailbox -ResultSize Unlimited | Where { $_.RecipientTypeDetails -eq 'LegacyMailbox' } | Set-Mailbox -ApplyMandatoryProperties

Open the Exchange Management Shell, then copy & paste the above command. The first part of the command gets all mailboxes (Get-Mailbox). The second part filters only Legacy Mailboxes (Where). The last cmdlet applies the “ApplyMandatoryProperties”.

Hope you find this blog easily and it helps you quickly.

Outlook 2010 Sync Issues Folder is full of sync logs (“Synchronization Log:” and “Modification Resolution”) with Exchange 2010 Mailbox

After I moved my mailbox to Exchange 2010, I started seeing two kinds of Sync logs in “Sync Issues” folder: “Synchronization Log:”  and “Modification Resolution”.

Whenever I delete something and empty my “Deleted Items” folder, I see a sync log in a minute. It says,

22:45:33 Uploading to server ‘’
22:45:33 Synchronization of some deletions failed.
22:45:33          [0-130]

22:45:34        1 view(s)/form(s) updated in online folder
22:45:34        4 view(s)/form(s) deleted in online folder

For the record, it doesn’t happen if my Outlook is in ONLINE mode. It only happens in Outlook Cached Mode.

It drove my users crazy. It seems it drives lots of people crazy, as I read in the TechNet forums. So far no one has found a solution for this. There are many explanations of why it happens, but no solution. Exchange 2010 SP1 doesn’t fix this issue either. Well, I have been told it’s an Outlook 2010 related issue, not a server problem.

I called Microsoft support and they confirmed they themselves are getting these logs. If you find a solution, please reply to this blog. Or hopefully the next Office 2010 service pack fixes this one.


Whenever I did something with Calendar items (deletion or modification), I saw a “Modification Resolution” log in the Sync Issues folder.

14:30:00 Message class: {SU:IPM.Appointment}
14:30:00 Appointment Conflict Resolution
14:30:00 Local subject: {SU:Team Lunch – Placeholder}
14:30:00 Remote subject: {SU:Team Lunch – Placeholder}
14:30:00 Local Message Entry ID: {CB:70, LPB:0x00000000D7754433D4F990489C0A23AA08ED28C307005EF0C574BA12B14F805532F0BB58596200000A794FE70000FE23979F836CCA43B84FC495B894A5110000003B56A30000

14:30:00 Not equal (conflict) named property: 0x00150003
14:30:00 Conflict Merge named property: 0x00150003
14:30:00 Critical properties merged into remote item.
14:30:00 Successfully auto-resolved

I heard the BES server also generates these logs consistently. I came to know how to stop “Modification Resolution” logs. The Modification Resolution log explains what Outlook did about a conflict on items. To stop generating this log, create a registry entry as below with option 0.

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options
DWORD: EnableConflictLogging

0 = Never save Modification Resolution logs
1 = Always save Modification Resolution logs
2 = Save Modification Resolution logs when a "critical conflict" occurs
<This is the new Default behavior when the EnableConflictLogging dword does not exist.>