Thursday, August 18, 2011

Event ID 12306 FSRM SMTP cannot send email

File Server Resource Manager - SMTP cannot send email to Exchange Server 2010

Problem:
Event ID: 12306
Event Source: SRMSVC

Event Viewer Application logs:
A File Server Resource Manager Service email action could not be run.

Error-specific details:
Error: IFsrmEmailExternal::SendMail, 0x8004531c, Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender.
Solution:
As of WS08 R2, FSRM attempts to authenticate against an Exchange Server using the computer account (domain\computername$ format) account of the server.  This computer account must be granted send as permissions on the mailbox that you are trying to send as, or it will fail with this error (where the same configuration will work on WS03 R2 without failing, assuming your receive connectors are already configured correctly).

I ran the following Powershell command on my Exchange 2010 server to grant the necessary permissions on the mailbox I was trying to send as, after which it began working:

Add-ADPermission -Identity "Mailbox Display Name" -user "Domain\ServerName$" -extendedrights "Send-as"

You can also substitute by using a domain group that contains the server computer accounts you want to allow.

7 comments:

  1. There are multiple objects matching the identity "helpdesk". Please specify an unique value.
    + CategoryInfo : NotSpecified: (0:Int32) [Add-ADPermission], ManagementObjectAmbiguousException
    + FullyQualifiedErrorId : 7423EB0,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

    ReplyDelete
  2. Where do you see this error message?

    ReplyDelete
  3. Add-ADPermission -Identity "Mailbox Display Name" -user "Domain\ServerName$" -extendedrights "Send-as"

    "Mailbox Display Name" is a DistinguishedName
    "CN=user,OU=OU1,DC=example,DC=com"

    ReplyDelete
  4. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS),

    Any ideas?

    ReplyDelete
  5. You need to have access to grant send as access to a computer account.

    ReplyDelete
  6. You could setup Microsoft SMTP services on the fsrm host or on another computer within your organization and relay through that host instead of enabling "send as" permissions in exchange for every server you want fsrm to send email from

    ReplyDelete
  7. I have different error: 5.7.1 Client is not authenticated. File serve is Windows 2008 R2, Exchange version is 2013 CU3. I created new receive connector, under security I've checked basic authentication and anonymous users. This helped.

    ReplyDelete