HI all, I have a brand new E2K7 production installation. The Exchange servers are installed only in the root mail and child domains have been domain preped. I assign full control permission for a mailbox in root doamin for an AD account in the child domain. The child domain AD account can access the mailbox using outlook. Things look good. But the child domain user can't access the mailbox using OWA. Following is the error " Outlook Web Access could not find a mailbox for Childdomain\childdomainuser1. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange 2003 server, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted. " The Exchange server is on E2K7 SP3 on Windows 2008 SP2. The owa is configured to provide domain name\user name. The owner of the mailbox (root domain user) has no problem accessing the OWA. swamy

He cant logon to his mailbox, or when trying to open another user mailbox he gets this error? The first link i think is your issue, if u are saying that u prepaired your domain. http://social.technet.microsoft.com/forums/en-us/exchangesvrclients/thread/1FF5F762-2EBC-4E7A-A0A3-2E769E8DB434 This is more an issue when not doing prepairdomain http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/4c46154f-d16c-49dc-97d0-33608117cbe4

Hi Zarko, Thanks for the reply. I have run the preparedomain command in all the child domans. Infact i can mail/mailbox enable the accounts in the child domain. swamy

When i run the BPA i get the following error. Do you thinks could be the problem? Permissions inheritance block on Active Directory servers container object Access control list (ACL) inheritance is blocked for the Active Directory servers container object (CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Bangalore,DC=Contoso,DC=co,DC=in). This may topology discovery problems and system attendant start up failures. Use the Active Directory Sites and Services program to re-enable inheritance on this object. swamy

Hi Install ADSI Edit and then start ADSI Edit. Click Start, click Run, type adsiedit.msc, and then click OK. Locate the object in question, right-click the object, and then click Properties. On the Security tab, click Advanced. Click Allow inheritable permissions from the parent to propagate to this object and all child objects to re-enable permissions inheritance. Click OK two times to apply the change. Wait for Active Directory replication to propagate the changes, or force Active Directory replication if it is necessary. Regards from www.windowsadmin.info

On Sat, 7 Aug 2010 16:13:51 +0000, channavera wrote: > > > >When i run the BPA i get the following error. Do you thinks could be the problem? > > >Permissions inheritance block on Active Directory servers container object Yes, it could be the problem. Exchange depends on having certain access to mail- and mailbox-enabled objects. Unblock the inheritence. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi ManU, Rich and Zarko Thanks for the reply. I have applied the same configuration as mentioned at http://technet.microsoft.com/en-us/library/aa998240(EXCHG.80).aspx and also suggested by ManU. I have run the EXBPA and i don't see the permission error. I don't see the error which was frequent in the event viewer for the administrator. Will keep you updated, after the replication is complated and analyzing the log. Thanks for you help swamy

Hi All, I tested the owa access again, this time i get a different error "This mailbox cannot be opened. The mailbox may be located in a different forest from the Microsoft Exchange Client Access server. For access to the mailbox or for more information, contact technical support for your organization." swamy

Hi All, The issue is resolved. Not sure the earlier AD part has to anything to do with the error "Access control list (ACL) inheritance is blocked for the Active Directory servers container object (CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Bangalore,DC=Contoso,DC=co,DC=in). This may topology discovery problems and system attendant start up failures. Use the Active Directory Sites and Services program to re-enable inheritance on this object." In my case i has assigned a child domain user full access to a mailbox in the root domain mailbox and the child domain user is not either a mail / mailbox enabled, the child domain is domainpreped. So i have to use https://casfqdn/owa/rootdomainuser@domain.co.in and the child domain user can login using his credentials. Here in my case the primary SMTP address is firstname.lastname@domain.co.in unfortunately i forgot to add the dot (.) in the SMTP address. swamy