My university has a federated Exchange system. My college just upgraded to Exchange 2007 from 2003. Previously, non-exchange users with AD accounts could access an exchange user's calendar (with appropriate permissions) using OWA. Now in 2007 they can't. Non-exchange AD users can still see Public Folder calendars etc. It's not the URL I don't think. We constucted a link that works for Exchange users, but not non-exchange users: https://mail.BigSouthern.edu/owa/SomeUser@ad.BigSouthern.edu/?ae=Folder&t=IPF.Appointment This was not intended by the admins. They have no idea why you could before but can't now. Does anyone know how to turn this on? So that an exchange user could give calendar (or contacts, etc) permissions to AD users without Exchange accounts. Or can something be done to their AD account to give them access to exchange short of making them an actual Exchange acount? Thanks, Jiva Goswami

Permissions are not granted on the Exchange server level, but are granted by the Exchange user within the calendar permissions. Everyone in the university is in the GAL, but many don't have Exchange accounts.

I am confusing about your problem description. what's non-exchange AD users means? whether you points AD users without mailbox? If this, how can you let this non-exchange user access OWA? In Exchange 2007, we can run cmdlet "add-mailboxpermission" to add full access permission to some AD user to let it access other user's mailbox. please read this article. http://technet.microsoft.com/en-us/library/bb124097(EXCHG.80).aspx hope this helps, -Jason

Jason, It's a very large university. Everyone has a university activedirectory account, but not everyone participates in the Exchange system. I have people who need to see a Dr's schedule but not read his email. Full permission would be full permission, we just want the calendar. It would be similar to sharing a calendar with another Exchange user. But in this case they're an AD user without an exchange box. People have said that you can't do that. Well, in Exchange 2003 you could. At this point, Exchange 2007 doesn't. If some one nows exactly why it can't be done in E2007, that would be fine. No one has explained why yet, so my assumption is that maybe it could. We just need the right settings. John Jason Li-MSFT wrote: I am confusing about your problem description. what's non-exchange AD users means? whether you points AD users without mailbox? If this, how can you let this non-exchange user access OWA? In Exchange 2007, we can run cmdlet "add-mailboxpermission" to add full access permission to some AD user to let it access other user's mailbox. please read this article. http://technet.microsoft.com/en-us/library/bb124097(EXCHG.80).aspx hope this helps, -Jason

Top of list.

As you said, non-exchange users also can be displayed in GAL, I think that these non-exchange user may have the email address if no mailbox be given. Its important to have an email address otherwise the GAL shouldnt see the AD user. But Its easy to give an SMTP email address to an AD users. You can give the non-exchange user SMTP email address by recipient policy or Email address policy(In exchange 2007). Now, We can access others calendar via OWA 2007 by below steps. For example, If E2007User1 wanted to allow E2007user2 to see E2007User1s Calendar, we could perform the following steps to give permission to the Calendar folder: 1. Launch Outlook and login E2007User1s mailbox 2. Right Click the Calendar folder and select Properties. If the Calendar folder is not visible click on the Folder List Navigation Bar (or button if it is not visible as a bar) 3. On the Permissions tab, select Add 4. Add the E2007User2 account to the list. 5. As a minimum select Reviewer in the Permission Level. This allows E2007User2 to view the calendar. To permit changes to the calendar select at least Editor permissions. 6. Click OK. After performing these steps E2007User2 can now enter the following URL and view E2007User1s calendar: https://test.com/owa/e2007user1@test.com/?cmd=contents&f=calendar note: 1. Since my test domain is test.com, you need change the test.com to your own owa URL. 2. Meanwhile, You also need change e2007user1@test.com to the email address which shared the schedule. 7. Itwill direct you to login page, you just need to input the E2007User2's credential(doamin\username and password). More Article: =============== http://technet.microsoft.com/en-us/library/bb936726(EXCHG.80).aspx -Jason

Can someone please go beyond the painfully obvious, actually read the full question and give an answer that actually is somewhere closer to the mark? User is in the GAL with a USERNAME@ourdomain.edu address, but they use a different, non-exchange email system. They already have permissions correctly on the Exchange account as it worked fine in Exchange 2003. Now that we've upgraded to Exchange 2007, it doesn't. As far as I can tell, this was not intentional by the system admins. If they did intend to shut off that access (non-exchange to Exchange access), how would they shut it off? How would they turn it back on? This is what the non-echange usersget: Outlook Web Access could not connect to Microsoft Exchange. If the problem continues, contact technical support for your organization. Does anyone know another forum that has actual system administrators for actual very large, complex systems on it?

Here's the full error message from IE7: RequestUrl: https://servername.ad.UnivDomain.edu:443/owa/proxyLogon.owaUser host address: xx.xxx.69.123 ExceptionException type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientExceptionException message: Cannot open mailbox /o=XX/ou=XXX - Some Place Name/cn=Recipients/cn=SomeExchangeUser. Call stack Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry) Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry) Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString) Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags) Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString) Microsoft.Exchange.Data.Storage.MailboxSession.OpenAsDelegate(ExchangePrincipal mailboxOwner, ADOrgPerson delegateUser, IntPtr authenticatedUserHandle, CultureInfo cultureInfo, String clientInfoString) Microsoft.Exchange.Clients.Owa.Core.OwaClientSecurityContextIdentity.CreateWebPartMailboxSession(ExchangePrincipal mailBoxExchangePrincipal, CultureInfo cultureInfo) Microsoft.Exchange.Clients.Owa.Core.UserContext.Load(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.CreateUserContext(OwaContext owaContext, UserContextKey userContextKey, UserContext& userContext) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext) System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Inner ExceptionException type: Microsoft.Mapi.MapiExceptionLogonFailedException message: MapiExceptionLogonFailed: Unable to open message store. (hr=0x80040111, ec=1010) Diagnostic context: Lid: 18969 EcDoRpcExt2 called [length=726] Lid: 27161 EcDoRpcExt2 returned [ec=0x0][length=132][latency=0] Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropLogon [254] Lid: 17082 ROP Error: 0x3F2 Lid: 26937 Lid: 21921 StoreEc: 0x3F2 Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 26426 ROP: ropLogon [254] Lid: 22086 Lid: 6920 StoreEc: 0x80070005 Lid: 30409 StoreEc: 0x80070005 Lid: 19145 StoreEc: 0x3F2 Lid: 23241 StoreEc: 0x3F2 Lid: 32186 Lid: 8620 StoreEc: 0x3F2 Lid: 1750 ---- Remote Context End ---- Lid: 26849 Lid: 21817 ROP Failure: 0x3F2 Lid: 26297 Lid: 16585 StoreEc: 0x3F2 Lid: 32441 Lid: 1706 StoreEc: 0x3F2 Lid: 24761 Lid: 20665 StoreEc: 0x3F2 Lid: 25785 Lid: 29881 StoreEc: 0x3F2 Call stack Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx) Microsoft.Mapi.ExRpcConnection.OpenMsgStore(OpenStoreFlag storeFlags, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, MapiStore msgStorePrivate, String& correctServerDn, ClientIdentityInfo clientIdentityAs, String userDnAs, String applicationId, CultureInfo cultureInfo) Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId) Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId) Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)

Hi John, According to my tests, it works well in the native Exchange 2007 environment by accessing OWA URL in this article. http://technet.microsoft.com/en-us/library/bb936726(EXCHG.80).aspx However, your environment is more complicated. Per my understanding till now, the whole university is an org and your college just upgrade to exchange 2007. Previously, your non-exchange users can access other mailbox users calendar. After upgrading to exchange 2007, it not work. To narrow down the cause, would you please create two users both with exchange 2007 mailboxes and test my previous steps. Meanwhile, since the situation may be urgent for you, I also recommend you contact Microsoft Professional Support directly. For your convenient, I include the entry link as below https://support.microsoft.com/oas/default.aspx?ln=en-us&prid=10258&gprid=435553 -Jason

Jason Li-MSFT wrote: To narrow down the cause, would you please create two users both with exchange 2007 mailboxes and test my previous steps. At this point, I can't imagine why I would test the system by creating two test exchange accounts. There are thousands of real users sharing calendars successfully at this moment. What help would two test exchange users give? Sharing calendars between Exchange users isn't the problem. The issue is an Exchange user and a non-exchange AD user with a @SameDomain.edu email address and who is already in the GAL. It worked before 2003. What is different about 2007 that might make this not work? Your answer misses the mark and gives an answer that the most inexperienced tech would already know. It doesn't hurt to cover the basics sometimes, but not this time. Or at least cover the right basics.If I have a problem starting my car, adjusting my seat isn't going to help. Although my seat should be adjusted properly for safe driving, it's not an issue if my car won't start. Stop pushing the seat adjustment theory.

top of list

I have this exact same situation, where I have non exchange users that need to see an exchange users shared calendar. Did you ever get an answer? Thanks.

this worked for me 1. Changed Distribution Group to Security Group 2. Run the below cmdlet from powershell0 Set-Distributiongroupidentity <DistributionGroupIdParameter> PN