This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 14.000000000000002%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
We're finally migrating from Exchange 2010 SP3 RU30 to Exchange 2016 CU18 (all on-prem). We have a 3rd-party archiving product that has full mailbox access to all mailboxes, which works fine on 2010 mailboxes but not on mailboxes moved to 2016. The service account does not belong to any groups with an implicit deny. It belongs to Organization Management and has full mailbox access assigned on the database level to every database (2010 and 2016). I can see the service account listed with full access when I look at mailbox delegation access in the EAC.
The service account mailbox has been moved to 2016, as have my mailbox and a shared mailbox (moved just to test full mailbox access).I can access my own mailbox on 2016, and have no issues connecting to the service account mailbox or the shared mailbox (both on 2016) or to any shared mailboxes I have on 2010. I do a Test Email-Autoconfiguration, and I see the proper results for all 3 email addresses.
I logged onto a server (with Outlook installed) as the service account. The service account mailbox can log into its mailbox on 2016 fine. I get a "Cannot expand the folder" when trying to have it log into my mailbox. If I try to connect to my mailbox via direct OWA link, I get a permissions error:
Something went wrong
You don't have permission to open this mailbox.
X-ClientId: A3928010D5E249FDB85ED585846804D3
request-id e5df08a7-f763-4ee7-a456-e75d4bfd37bb
X-OWA-Error Microsoft.Exchange.Clients.Owa2.Server.Core.OwaExplicitLogonException
X-OWA-Version 15.1.2106.2
X-FEServer Exchange2016ServerA
X-BEServer Exchange2016ServerB
Date:2/24/2021 1:36:58 PM
InnerException: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
What can be causing this to fail?
Hi @davrion ,
Please try assign full access permission to a single mailbox with:
Add-MailboxPermission -Identity "ServiceAccount" -User "User01" -AccessRights FullAccess -InheritanceType All
If that doesn't work, please try to reassign the permission or create a new test user and assign full access permission to your account and test if this time it works.
If that works, you can run this command to assign permission to all users.
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'ServiceAccount')} | Add-MailboxPermission -User ServiceAccount@domain.com -AccessRights fullaccess -InheritanceType all -AutoMapping:$false
Regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @davrion ,
Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
Regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
We've tried directly assigning permissions to the mailbox in question. We've moved the mailbox for the service account to a new server/database as well. We'll try disabling the service account mailbox and creating a new one once we get the go-ahead from the 3P that we can do so.
Hi,
Looking forward to your good news! If there are any updates, feel free to post here, so we can better solver this issue.
Good luck.
Regards,
Lou