Mail server
a_alisher, 2019-04-22 06:14:55

Why don't emails go to external addresses via Outlook?

There is an Exchange 2010 server with 2 DAGs and 1 CAS, about 10,000 domain users.
The client side uses Outlook 2007/2010.
I am faced with an annoying problem that manifests itself in a strange way. It all started with **some** users being unable to send messages to external addresses (mail.ru, gmail.com, etc.), while messages within the domain were sent without problems.
The errors were as follows:
1. With authorization after sending: an error when sending a test message: "Client does not have permission to send as this sender."
2. With authorization by logging in before sending, when trying to send an email to an external address: "Unable to relay."

I started by checking port 25: everything is OK, otherwise nobody would be able to send to external addresses. While the "lame" mailboxes were 10% of all users, I temporarily switched those users to OWA; for the same users, through the web interface, emails went to external addresses without any problems. After long digging through forums, I began to suspect Active Directory.
Found the following solution:
> Open AD Users and Computers ->
> Press View and select Advanced Features ->
> Do a find for the user in question ->
> Go to Properties -> Security Tab ->
> Select Advanced ->
> Press add and type "Exchange Servers" ->
> Under Apply to, change to Descendant "msExchActiveSyncDevices" objects ->
> Select the Modify permissions checkbox ->

After that, in the Exchange PowerShell, I reassigned the NT AUTHORITY\SELF parameter to the box and everything seemed to work, but by this time the problem had spread to almost 70% of users, and carrying out such manipulations for everyone was not an option.
Perhaps the problem lies in the rights or Exchange certification. Has anyone faced a similar problem? Please share your experience.

2 answer(s)
Yuri Samoilov, 2019-04-23
@a_alisher

User boxes should have NT AUTHORITY\SELF by default, so putting that back on everyone is a good idea.

Dmitry Shitskov, 2019-04-22
@Zarom

Since I haven't worked with Exchange, I can't help with the root cause. I can advise, in case a solution is not found: all the actions you specified can be performed in PowerShell. It will take some time to write a small script that will go through all the users and change these parameters in the accounts.
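
A sketch of the script suggested above for the NT AUTHORITY\SELF part, added here as an example and not written by anyone in the thread. It assumes the entry in question is the Send-As extended right (the thread does not name it) and uses the Exchange 2010 cmdlets Get-Mailbox, Get-ADPermission and Add-ADPermission; the `-Fix` switch and the report path are hypothetical names.

```powershell
# Added example, not from the thread. Save as a .ps1 and run in the Exchange Management Shell.
# Assumption: the missing entry is the Send-As extended right for NT AUTHORITY\SELF.
param(
    [switch]$Fix,                                   # report only unless -Fix is given
    [string]$ReportPath = '.\self-sendas-audit.csv' # hypothetical output file
)

$self   = 'NT AUTHORITY\SELF'
$report = @()

foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $dn = $mbx.DistinguishedName

    # All Send-As entries held by SELF on this user's AD object
    $aces = @(Get-ADPermission -Identity $dn -User $self |
        Where-Object { $_.ExtendedRights -like 'Send-As' })

    $hasAllow = @($aces | Where-Object { -not $_.Deny }).Count -gt 0
    $hasDeny  = @($aces | Where-Object { $_.Deny }).Count -gt 0

    $action = 'none'
    if ($hasDeny) {
        # A Deny entry can override an Allow; flag it for manual review
        $action = 'review-deny'
    }
    elseif (-not $hasAllow) {
        $action = 'missing'
        if ($Fix) {
            try {
                Add-ADPermission -Identity $dn -User $self -ExtendedRights 'Send-As' `
                    -Confirm:$false -ErrorAction Stop | Out-Null
                $action = 'added'
            }
            catch { $action = 'failed' }
        }
    }

    $report += New-Object PSObject -Property @{
        Mailbox = $mbx.PrimarySmtpAddress
        Allow   = $hasAllow
        Deny    = $hasDeny
        Action  = $action
    }
}

# Keep the CSV as a record of what was found and what was changed
$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Group-Object Action | Select-Object Name, Count
```

Running it without `-Fix` first gives a count of affected mailboxes and a CSV to review before any ACL is changed.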
