FIM Notification Error: The server response was: 5.7.1 Client does not have permissions to send as this sender
Hi,
We have created and mail enabled the FIM Service account on Exchange 2010; for email notification purposes.
But it appears that when FIM tries to fire off a notification, it logs the following error in FIM Portal Event Viewer:
System: System.Net.Mail.SmtpException: Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender
at System.Net.Mail.DataStopCommand.CheckResponse(SmtpStatusCode statusCode, String serverResponse)
at System.Net.Mail.SmtpConnection.OnClose(Object sender, EventArgs args)
at System.Net.ClosableStream.Close()
at System.Net.Mail.MailWriter.Close()
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.ResourceManagement.Mail.IlmSmtpClient.Microsoft.ResourceManagement.Mail.ISmtpInterop.Send(MailMessage )
at Microsoft.ResourceManagement.Mail.SmtpServer.SendGenericMessage(GenericMessage message)
at Microsoft.ResourceManagement.Mail.NotificationMessage.Send()
at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.SendMailMessage(MessageContent messageContent)
at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
I have confirmed that Exchange allows email relay from the FIM Portal server (as anonymous even). I have also received and sent email as the FIM Service account (via OWA).
Is there any additional rights the FIM Service account needs on Exchange?
Thanks,
SK
April 26th, 2012 1:06am
Hi,
What kind of emailaddress are you using? Is it maintained by the same Exchange server? In the same domain?
I found this for you, maybe this can help..
http://papandut.com/2009/07/19/550-571-client-does-not-have-permissions-to-send-as-this-sender/
Best regards,
Pieter.Pieter de Loos - Consultant at Traxion (http://www.traxion.com) http://fimfacts.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2012 2:11am
It is an exchange org with both Exch2007 and Exch2010 servers in it.
email address is: fimservice@test.adatum.com
domain name is test.adatum.com
and I can send and receive email as the FIMService account (tested this via OWA)
April 26th, 2012 2:31am
Hello,
maybe the following link from the Exchange Server Forum can help you
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/e763de97-88a1-494d-9841-4f3a466b5604/
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2012 3:45am
we have found the solution:
NT AUTHORITY \ SELF was strangely missing from the FIM Service account in EMC, due to no inheritance for the account.
thank you for all your help.
April 30th, 2012 11:25pm
The account doesn't happen to be member of one of the protected groups such as the Domain Admins? Google for adminSDholder That would cause the no inheritance to occur. I would definately not make the FIM Service account a Domain Admin. There's no need
for that.
http://setspn.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 2:18am
Hi,
Its part of these groups:
- Domain Users
- FIMSyncAdmins
- FIMSyncBrowse
- FIMSyncPasswordSet
regards
May 3rd, 2012 2:37am
and none of these groups is member of another group? If that's not the case it's weird inheritance is off... Or perhaps that's done by the person creating the service account.http://setspn.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 2:41am