We're receiving reports of users who are unable to forward messages via the TUI in Modular Messaging. The call will come back to the originator's inbox as a new message. I've also experienced something while utilizing the web browser and I've also received reports of this: Half of one of my new messages comes back in as a new message in my inbox. Could this be a system issue or just user error?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can't Forward Calls? Or calls Come back to originator's inbox
- Thread starter bseymour
- Start date
Is this a MSS backend ?
Ken Means
"I find that the harder I work, the more luck I seem to have."
- Thomas Jefferson (1743-1826)
Ken Means
"I find that the harder I work, the more luck I seem to have."
- Thomas Jefferson (1743-1826)
- Thread starter
- #3
This is a MSS back end and we figured out the issue with the forwarding not working. We had to reconfigure our sending restrictions.
Still don't know what's going on with receiving portions of old messages in as a new message. Any ideas on that one?
Still don't know what's going on with receiving portions of old messages in as a new message. Any ideas on that one?
We have a 1.1 for Exchange customer and forwarding via the TUI has stopped working. I know they recently made a change that affected "send-as" permissions, so I would imagine this is where we need to look based on your previous post. Do you know the specifics?
Thanks!
Thanks!
What do they hear? Does it say message canceled?
Ken Means
"I find that the harder I work, the more luck I seem to have."
- Thomas Jefferson (1743-1826)
Ken Means
"I find that the harder I work, the more luck I seem to have."
- Thomas Jefferson (1743-1826)
Yes it is the send as restriction. One way around it is to go to the user in AD and set them up to send on behalf of themselves.
Or see below
Microsoft has altered the "Send As" functionality of Microsoft Exchange 2000 and Exchange 2003 servers. Previously the "Send As" permission is implicitly included when "Full Mailbox Access" is granted to a user. From future build versions of Exchange the "Send As" permission feature must be added separately to the MM Security Group.
The "Send As" permission fix is included in all store.exe hotfix builds 6619.4 and higher for Exchange 2000 Service Pack 3. This fix is also included in hotfix builds 7233.51 and higher for Exchange Server 2003 Service Pack 1 (SP1). And hotfix builds 7650.23 and higher for Exchange Server 2003 Service Pack 2 (SP2).
This functionality will become standard in all future Service Packs for Microsoft Exchange.
An MM system with an Exchange backend that has this update applied will no longer be able to deliver call answer messages to MM enabled mailbox users. When call answer messages are processed by MM messages are initially stored in the Spool folder ready for delivery to Exchange, unless the "Send As" permission has specifically been added to the MM security group the messages within this folder can not be delivered and will be continually retried.
In addition Users that log into the TUI, will not be able to send messages to other users and will receive a ?Message Cancelled? statement from the system.
Resolution:
To enable MM to continue to deliver Call Answer messages to subscribers and allow users to send TUI messages to other users the MM Security Group must be granted the "Send As" permission. This permission is added at the Root of the Forest to allow this property to be populated to every object within the Forest; however this distribution is dependent upon possible restrictions within the Forest. By default inheritance throughout the Forest is enabled for basic users, however if inheritance has been disabled anywhere within the Forest a user object will not receive this permission, in such instances, either inheritance must be enabled or the specific "Send As" permission must be applied to that specific user.
1.
Start the Active Directory Users and Computers management console from an account that has Domain Administrator rights.
2.
On the View menu, make sure that the Advanced Features option is selected. If this option is not selected, the Security page will not be visible for domain and container objects.
3.
Open the properties of the domain, and then click the Security page.
4.
Click the Advanced button.
5.
Click Add, and then select the MM Security account..
6.
In the Applies Onto list, click User Objects.
7.
Navigate to the bottom of the Permissions listed. Click "Allow" to the "Send As" permission.
8.
Click OK until you have exited and saved all changes.
9.
Stop all MM services on all Messaging Application Servers.
10.
Using Users and Computers, delete all the External Caller entries within the Octel Container. (View advanced features needs to be enabled to see the Octel container)
11.
Reboot all Messaging Application Servers.
Once the permission is applied the changes may take some time to replicate through the customers network, once complete the next time MM retries to deliver messages from the spool folder they should be delivered correctly, it may take some time for all the messages within the spool folder to be processed.
Member of Protected Groups.
Note: The following procedure only needs to be carried out if an account belonging to any of the protected groups listed below is Modular Messaging enabled.
The accounts and groups listed below and all members of these groups are protected by a background process that periodically checks and applies a specific security descriptor which is based on the AdminSDHolder object. This means that initially the "Send As" permission will be inherited by users that are members of these groups, however this permission will be removed and the permissions will revert back to those configured for the AdminSDHolder object.
Protected Groups and users:-
Administrators Schema Admins
Account Operators Enterprise Admins
Server Operators Cert Publishers
Print Operators Administrator account
Backup Operators Krbtgt account
Domain Admins
To add the permission to the the AdminSDHolder object the Dsacls.exe utility must be used this is shipped as part of the Windows 2000/ Windows 2003 Support Tools. ?The following procedure can only be carried out by a member of the domain administrators group.
1. ?From the Command prompt type the following, substituting dc=Avaya and dc=Com for the customer fully qualified domain name.
2. ?Type C:\Program Files\Support Tools>dsacls "cn=adminsdholder,cn=system,dc=avaya,dc=com" /G "\MM Security Group:CA;Send As"
3. ?Once complete the background process will take at least 1 hour till the adminSDHolder security permissions are replicated to the protected groups and members of those groups.
Ken Means
"I find that the harder I work, the more luck I seem to have."
- Thomas Jefferson (1743-1826)
Or see below
Microsoft has altered the "Send As" functionality of Microsoft Exchange 2000 and Exchange 2003 servers. Previously the "Send As" permission is implicitly included when "Full Mailbox Access" is granted to a user. From future build versions of Exchange the "Send As" permission feature must be added separately to the MM Security Group.
The "Send As" permission fix is included in all store.exe hotfix builds 6619.4 and higher for Exchange 2000 Service Pack 3. This fix is also included in hotfix builds 7233.51 and higher for Exchange Server 2003 Service Pack 1 (SP1). And hotfix builds 7650.23 and higher for Exchange Server 2003 Service Pack 2 (SP2).
This functionality will become standard in all future Service Packs for Microsoft Exchange.
An MM system with an Exchange backend that has this update applied will no longer be able to deliver call answer messages to MM enabled mailbox users. When call answer messages are processed by MM messages are initially stored in the Spool folder ready for delivery to Exchange, unless the "Send As" permission has specifically been added to the MM security group the messages within this folder can not be delivered and will be continually retried.
In addition Users that log into the TUI, will not be able to send messages to other users and will receive a ?Message Cancelled? statement from the system.
Resolution:
To enable MM to continue to deliver Call Answer messages to subscribers and allow users to send TUI messages to other users the MM Security Group must be granted the "Send As" permission. This permission is added at the Root of the Forest to allow this property to be populated to every object within the Forest; however this distribution is dependent upon possible restrictions within the Forest. By default inheritance throughout the Forest is enabled for basic users, however if inheritance has been disabled anywhere within the Forest a user object will not receive this permission, in such instances, either inheritance must be enabled or the specific "Send As" permission must be applied to that specific user.
1.
Start the Active Directory Users and Computers management console from an account that has Domain Administrator rights.
2.
On the View menu, make sure that the Advanced Features option is selected. If this option is not selected, the Security page will not be visible for domain and container objects.
3.
Open the properties of the domain, and then click the Security page.
4.
Click the Advanced button.
5.
Click Add, and then select the MM Security account..
6.
In the Applies Onto list, click User Objects.
7.
Navigate to the bottom of the Permissions listed. Click "Allow" to the "Send As" permission.
8.
Click OK until you have exited and saved all changes.
9.
Stop all MM services on all Messaging Application Servers.
10.
Using Users and Computers, delete all the External Caller entries within the Octel Container. (View advanced features needs to be enabled to see the Octel container)
11.
Reboot all Messaging Application Servers.
Once the permission is applied the changes may take some time to replicate through the customers network, once complete the next time MM retries to deliver messages from the spool folder they should be delivered correctly, it may take some time for all the messages within the spool folder to be processed.
Member of Protected Groups.
Note: The following procedure only needs to be carried out if an account belonging to any of the protected groups listed below is Modular Messaging enabled.
The accounts and groups listed below and all members of these groups are protected by a background process that periodically checks and applies a specific security descriptor which is based on the AdminSDHolder object. This means that initially the "Send As" permission will be inherited by users that are members of these groups, however this permission will be removed and the permissions will revert back to those configured for the AdminSDHolder object.
Protected Groups and users:-
Administrators Schema Admins
Account Operators Enterprise Admins
Server Operators Cert Publishers
Print Operators Administrator account
Backup Operators Krbtgt account
Domain Admins
To add the permission to the the AdminSDHolder object the Dsacls.exe utility must be used this is shipped as part of the Windows 2000/ Windows 2003 Support Tools. ?The following procedure can only be carried out by a member of the domain administrators group.
1. ?From the Command prompt type the following, substituting dc=Avaya and dc=Com for the customer fully qualified domain name.
2. ?Type C:\Program Files\Support Tools>dsacls "cn=adminsdholder,cn=system,dc=avaya,dc=com" /G "\MM Security Group:CA;Send As"
3. ?Once complete the background process will take at least 1 hour till the adminSDHolder security permissions are replicated to the protected groups and members of those groups.
Ken Means
"I find that the harder I work, the more luck I seem to have."
- Thomas Jefferson (1743-1826)
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
