We're finally migrating from Exchange 2010 SP3 RU30 to Exchange 2016 CU18 (all on-prem). We have a 3rd-party archiving product that has full mailbox access to all mailboxes, which works fine on 2010 mailboxes but not on mailboxes moved to 2016. The service account does not belong to any groups with an implicit deny. It belongs to Organization Management and has full mailbox access assigned on the database level to every database (2010 and 2016). I can see the service account listed with full access when I look at mailbox delegation access in the EAC.
The service account mailbox has been moved to 2016, as have my mailbox and a shared mailbox (moved just to test full mailbox access).I can access my own mailbox on 2016, and have no issues connecting to the service account mailbox or the shared mailbox (both on 2016) or to any shared mailboxes I have on 2010. I do a Test Email-Autoconfiguration, and I see the proper results for all 3 email addresses.
I logged onto a server (with Outlook installed) as the service account. The service account mailbox can log into its mailbox on 2016 fine. I get a "Cannot expand the folder" when trying to have it log into my mailbox. If I try to connect to my mailbox via direct OWA link, I get a permissions error:
Something went wrong You don't have permission to open this mailbox. X-ClientId: A3928010D5E249FDB85ED585846804D3 request-id e5df08a7-f763-4ee7-a456-e75d4bfd37bb X-OWA-Error Microsoft.Exchange.Clients.Owa2.Server.Core.OwaExplicitLogonException X-OWA-Version 15.1.2106.2 X-FEServer Exchange2016ServerA X-BEServer Exchange2016ServerB Date:2/24/2021 1:36:58 PM InnerException: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
What can be causing this to fail?