question

JerryMeister-2692 avatar image
0 Votes"
JerryMeister-2692 asked JerryMeister-2692 answered

Some users suddenly unable to access shared mailbox folders in OWA

Hey folks,
Exchange online / OWA environment (fully online no hybrid) - have 20 or so users all accessing various shared mailboxes with various shared subfolders all with different permissions. All using OWA. This has been working absolutely fine for the past year until Monday morning when all of a sudden 4 users in various countries couldn't access the usual folders with permissions. Only way they can have access is by delegating full mailbox access which I can't do as there are restricted folders in those mailboxes which they don't have user permissions to view/access.

Here's odd - make a brand new user with permissions - and they can't access either.
Make a new mailbox/share and those users can't access.
All permissions look correct through OWA mailbox permissions
All permissions look correct when adding the shared mailbox to Outlook desktop and querying permissions.
All permissions look correct when querying using Get-mailboxpermission and Get-MailboxFolderPermission through Powershell

Microsoft techs been on this since Monday and today we're trying New-MoveRequest but so far after 4 hours that doesn't seem to have fixed anything.

Even making a new licenced user and new shared mailbox/shared sub folders - still broken.
These users can 'see' the subfolders (as long as their permissions include 'folder visible') but cannot access.
users can even create subfolders within those very folders that they can't access, and then subsequently have no access to the new created ones, even though they are marked as 'owner'

Any clues or even wild experiments to try, gratefully received !
Much thanks

office-exchange-online-itpro
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JerryMeister-2692

have 20 or so users all accessing various shared mailboxes with various shared subfolders all with different permissions. All using OWA. This has been working absolutely fine for the past year until Monday morning when all of a sudden 4 users in various countries couldn't access the usual folders with permissions.

By this, do you mean except the "4 users", the other users out of the "20 or so" can still access the shared mailboxes as usual? If this is the case, how about testing on one machine with both a problematic user's account and a normal user's account to see the result? This helps eliminate whether the issue is related to a particular machine.

Besides, is there any detailed error message when the issue occurs to the 4 users?
Can they access the shared folders properly in the Outlook desktop client?


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Hey thanks for joining the conversation mate.
At the moment it's looking like ALL users (well, at least those that have bothered to test for me !) cannot access any shared mailboxes UNLESS they are given full delegate access.
No-one has/uses Outlook desktop app so I can't check that sorry, though when I load a shared mailbox account into my own desktop app all the permissions appear as they should for the users.
The only error is the 'Access Denied' padlock and key image when they try and access the folder.

0 Votes 0 ·

Hello,

I have the same issue since today (Monday, everything was fine on Friday).
I have been using 5 different shared mail boxes the last few years and today I have only access to one (+ my main mail box)
The access hasn’t been changed. (We checked that and it is fine).
Only on my mobile phone I am still able to see all boxes but on any computer devise the system say that a do not have the access to this.
Thanks for your help.

Marie

0 Votes 0 ·

Hi @MBGic-1411

Did your issue ever resolve? I missed tagging you in my post below.

I can no longer access user mailboxes converted to shared after 6 years of everything working fine.

Microsoft is giving me the run-around for 10 days now.

Thanks,
-Nick

0 Votes 0 ·
SvenDijkstra-3207 avatar image
0 Votes"
SvenDijkstra-3207 answered YukiSun-MSFT commented

Same issue here. I have several users, making use of OWA who can suddenly not access shared mailboxes. (they can in the Outlook client, just not in OWA)
Been following this thread since Monday. Happy to see I'm not alone. Was hoping for resolution by now.
Editing permissions, doesn't seem to change anything.
Please, a fix is wanted.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I feel for you man ! Good you can still access through Outlook Client. If you have the option - I had my agent/re-seller escalate the issue to premium support, that was the only way to get stuff moving along. It still took from Monday morning till Wednesday lunch to get fixed but compared to the week wasted beforehand going back and forth doing the all the same tests and powershell commands I'd already run, it was a good call.

In the end I had 3 cases open and escalated PLUS the premium support case - just keep banging on at them mate, it's just shoddy how the system leaves you hanging. Open another case requesting escalation. I feel for the customer support peeps that we speak to who really can't do much more beyond the basic and get fed whatever from higher up the chain to the lofty heights of engineers that can't give a straight answer or acknowledge a stuff up or a fault.

I'm assuming you've checked sub folder and mailbox permissions through powershell too ?
And all your users have minimum Reviewer level permissions at INBOX level of shared mailboxes ? (just ticking the boxes here, excuse if you've done that a million times for tech support already :) )

Fingers crossed for you mate.
J

0 Votes 0 ·

Hi @SvenDijkstra-3207,

As has been mentioned above by @JerryMeister-2692, you have already checked the permissions as we discussed earler, right?

If this is the case, considering that Jerry's issue was just "resolved for no apparent reason", I personally assuming maybe any change was made from the backend of Exchange online that finally brought everything back to normal. So for your situation, I'd recommend giving it some time and see if there would be any improvement. If the problem persists, you may try to open up a new thread or start a service request for this issue.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
JerryMeister-2692 avatar image
0 Votes"
JerryMeister-2692 answered JerryMeister-2692 commented

Continuing back and forth with MS and they have come this to me and said 'this is by design' - 'this' being shared folder permissions in a mailbox sub folders that has worked absolutely fine for a year or so. Which sounds like a fob-off to me.

Can I ask if anyone else is sharing shared-mailbox sub-folders with per-user permissions set in OWA or PS and those users NOT being full-access delegates ?

The MS engineer said to give users delegate access instead as 'that's how the system is designed to work' but in trying that out anyone with delegate access gets full mailbox permission and the OWA folder permissions then get ignored.

I feel like MS is giving me the run around here - this was working fine until last Monday morning and since then no-one in our tenant can access shared mailbox folders except the admins with full delegate access.

Cheers all
J

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JerryMeister-2692

May I know if you have checked and made sure the users also have proper permissions to the parent folders and root folder of the shared subfolders?

I just tried it in my test tenant and here's what I experienced:
1. Login as User1, chosse Inbox folder, right click it and assign Reviewer permission to User2:
121655-1.png
2. Login to OWA as User2, right click in the Folders pane, try to open User1's shared folder, but no folders can be seen:
121662-2.png
121671-3.png
3. Then I login as User1 again, choose the root folder, right click it and choose Permission, grant Reviewer permission to User2:
121649-4.png
121570-5.png
4. Check User2's OWA and this time User1's Inbox folder is visible:
121672-6.png

Feel free to let me know if I have misunderstood anything in my test procedure.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·
1.png (59.1 KiB)
2.png (21.8 KiB)
3.png (1.8 KiB)
4.png (28.0 KiB)
5.png (29.4 KiB)
6.png (29.7 KiB)

Hey thanks so much for that - yes pretty much as that except I can't do a log-on for the shared mailbox (as it's a shared mailbox, not a licenced user)

So here's how the permissions are set/checked:

click my profile pic / choose "open another mailbox"

put in the username of the shared mailbox / mailbox opens in a new tab
right click Inbox and set 'permissions publishing editor' (currently this throws up an error saying "can't complete your request / Permissions can't be saved for folder Inbox" (but that used to be how it worked)
I then did that for all users/sub folders in the shared mailbox.

If I right-click the Root 'Folders' above inbox it gives me the permission box again but strangely enough shows MY email address and not the shared mailbox. Engineers confirmed this happens to them too.

It's like, all of a sudden the whole shared mailbox system/structure is just broken for us.

Engineers have just come back with some PS commands to try so I will give that a go and report back.
Thank you for your valuable time and input, it's very much appreciated
J





0 Votes 0 ·

Hi @JerryMeister-2692

Engineers have just come back with some PS commands to try so I will give that a go and report back.

Hopefully the commands can work for you.

And in case the issue persists, would you mind sharing the current permission settings from your side via either the OWA screenshots or output of Get-Mailboxfolderpermission and I can help test on my end to see how things are going. Do remember to remove all personal information involved when sharing the details to protect your privacy data.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Thanks YukiSun! Just run Using Get-EXOMailboxFolderPermission on a couple of sample mailboxes and all permissions show as they should - here's quick sample:

Get-EXOMailboxFolderPermission -Identity sharedmailbox@domain.com:\ -User user1@domain.com

Identity : sharedmailbox:\
FolderName : Top of Information Store
User : user1@domain.com
AccessRights : {PublishingEditor}
SharingPermissionFlags :


Get-EXOMailboxFolderPermission -Identity sharedmailbox@domain.com:\INBOX -User user1@domain.com

Identity : sharedmailbox:\INBOX
FolderName : Inbox
User : user1@domain.com
AccessRights : {Editor}
SharingPermissionFlags :


Thanks for looking at it mate, much appreciated.
J

0 Votes 0 ·

Hi @JerryMeister-2692,

Just run Using Get-EXOMailboxFolderPermission on a couple of sample mailboxes and all permissions show as they should - here's quick sample:

From the output, the folder permissions look good to me as well. I've also tested using a shared mailbox in my tenant with the same permission as yours and it works on my end:
121837-1.png

With the permissions above, User1 has no issue accessing the Inbox folder of the shared mailbox:
121923-2.png

Considering that it's a recently occurred issue in your environment, was there any changes made in your Exchange organization right before the issue started?


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
1.png (17.0 KiB)
2.png (20.4 KiB)

some more tests this morning - something is definitely broken !

First off I assigned a Microsoft 365 Business Basic licence to a previous shared mailbox (tempmailbox@domain.com)
Then made permissions for user test@domain.com to access (that also has MS365BB licence)
No access !

THEN, I shared my own Inbox and top level folder to temp user - No access ! what's more, even though the user can see the presence of my inbox, they only see a single sub folder, not all of them - and permissions are same.

Also tested assigning reviewer permissions to default and anonymous user across mailbox folders. Again, no access.

0 Votes 0 ·

Hey YukiSun thanks for staying on it - yup that's the strange thing; everything was left fine on Friday evening 30th July - Monday 2nd August people couldn't access shared folders that had been working fine for the past year. Nothing was changed by us over the weekend (I'm the only admin). It all seems very broken. Had our re-seller run pretty much all the same tests yesterday AND changing permissions via Outlook desktop client; still broken.

0 Votes 0 ·
JerryMeister-2692 avatar image
1 Vote"
JerryMeister-2692 answered NickSheen-2570 commented

Hey folks, finally resolved for no apparent reason !

During testing yesterday morning I noticed shared mailboxes were suddenly available. A quick survey from users as they came online around the different timezones reported all was good. Good news all round.

What I feel a lot of umbrage about is not only the glacial slowness that MS took to fix this (9 days to resolve from first notification) but now the distinct lack of any follow up and reporting as to what actually happened, why it took so long to fix and what's going to be done to stop it happening again. I swear we just put up with being treated like donkeys even though we pay for the service, coz we've nowhere else to go to and the dead silent brick wall is too hard to keep banging our heads against. Previously I had the whole company with Fastmail before this and for the past year I have had MANY opportunities to regret my decision to bring our email and associated messagaging etc over to exchange and OWA. The cons are slowly beginning to outweigh the convencience of the pros.

Anyhoo, if I do happen to glean any further useful info I will pass it on here for the benefit of others. In the meantime thanks heaps for your help and thoughts along the way.




· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

OK this is as much as I could get back from the Frontline Support Team that were dealing with my case:

As explained, our senior team members had analyze the Fiddler logs and they were able to identify the error for access denied: {"Header":{"ServerVersionInfo":{"MajorVersion":15,"MinorVersion":20,"MajorBuildNumber":4394,"MinorBuildNumber":22,"Version":"V2018_01_08"}},"Body":{"Conversations":null,"FolderId":{"__type":"FolderId:#Exchange","Id":"REMOVED"},"MessageText":"Access is denied. Check credentials and try again., Cannot query rows in a table.","ResponseCode":"ErrorAccessDenied","ResponseClass":"Error"}}

I need to raise another ticket to get a Root Cause Analysis (which displays a remarkable lack of responsibility from MS but there you go) but for now - @SvenDijkstra-3207 , maybe get them to request Fiddler Logs and Step Recorder while you try and gain access to the blocked mailboxes using OWA. Looking at the log extract they gave me there's obviously an issue with user credentials getting passed to mailboxes, and - I'm guessing here - from the Cannot query rows in a table line, I'd say some corrupted user credentials database, but I'm spitballing on that one!

Let us know how you go man !

1 Vote 1 ·

Hey @SvenDijkstra-3207

I tried to get some more info that would maybe help you in your case, but this is what I got back in response!

I have further checked with my senior team regarding this and as it was resolved suddenly, I’m afraid we are not able to identify what exactly was done from the backend which resolved the issue. For other tenants that are having similar issue, you could advise them to contact MS support so that we could collect further information from them and engage our backend team in the troubleshooting process.


How the heck MS manages to run such a huge network based on some magic is beyond me :)

Anyhoo, hope you get yours sorted man, look forward to hearing more.
Cheersy
J



0 Votes 0 ·

Just FYI - spoke with one of the case managers and if anyone else has this problem - you can quote my case numbers to find the solution and speed your issue along:

original report Case #:26835973

request for escalation Case #:26915057

Frontline Support team case Case #:26936858

All the best !
J

1 Vote 1 ·

Hi @JerryMeister-2692,

Really appreciate it for these information! It would definitily be helpful to others who encounter a similar issue.

By the way, I just tried combining your sharing into this answer, and if you don't mind, you can click "accept answer" under your post to make it easier for others reading this thread to quickly find the useful information : )


Hi @SvenDijkstra-3207,

Just wondering how things are going on with your issue. In case it hasn't been fixed, agree with Jerry that you can open up a support ticket referencing to the case numbers he shared above, so that the backend team can be involved to help troubleshoot. Hope you issue can get resolved soon!


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·

Done, thanks for that
J

0 Votes 0 ·

Hi @JerryMeister-2692 @YukiSun-MSFT @SvenDijkstra-3207

I'm having a similar issue in my tenant suddenly since 10 days ago. This post was one of the first things I found while trying to research.

We moved from Exchange on-prem to hybrid 6 years ago. Since then we regularly convert user mailboxes into shared mailboxes and delicense them. We are up to 1,447 mailboxes like this. We regularly have users accessing the shared mailboxes with the associated username and password via outlook.office.com, for many different reasons.

Suddenly July 19 2022, all these users started getting an error "OwaUserHasNoMailboxAndNoLicenseAssignedException" and cannot access the mailboxes with username and password.

Microsoft support is giving me the exact same run around "this is by design" "you can't use credentials to access shared mailbox" "you must apply full access permissions" but cannot account for this workflow working just fine over the past 6 years. They say they aren't allowed to open your old cases to research.

The current T2 rep is telling me it started happening in his tenant about 1.5 years ago and they just accepted that Microsoft made a change and it is replicating. I refuse to accept this without documentation from Microsoft saying they've changed it.

Desperate, I'm back to try and get any insight you may have after all this time, is it still working for you?
-Nick

0 Votes 0 ·

Hi @JerryMeister-2692,

During testing yesterday morning I noticed shared mailboxes were suddenly available. A quick survey from users as they came online around the different timezones reported all was good. Good news all round.

Great to know that the issue was finally resolved and thanks for keeping us posted here!

0 Votes 0 ·
JerryMeister-2692 avatar image
0 Votes"
JerryMeister-2692 answered

@NickSheen-2570 Hey man sorry to hear you're having the same issue. I escalated it with both MS AND got my reseller involved too. It is definitely a bug and not a 'working as intended' - but the fact they 'magically fixed it' then could not report how it was actually fixed leads me not to be of any help to you sorry Nick. But get it escalated and make a lot of noise and eventually the right people will take note and sort it out. Frustrating as all hell mate. And ridiculous that you have to jump up and down just to get some basic-level fixes. Good luck man ! Please come back here and share what happens. I was well in the dark when it happened to my tenant so hopefully at least you know you have company :)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.