cancel
Showing results for 
Search instead for 
Did you mean: 

Public Folder has no Permissions

StefanPh
Level 3

Hi!

 

We startet with PF-Archiving a few Weeks ago on EV 10 and used one single PF and its subfolders to get the proof, that it is working. At the beginning everyone was happy. The folder showed up in the Archive Explorer for everyone who had granted permissions on the original PF. After a while the PF did not show up any more in Archive Explorer. I checked the Archive in the console and then there was no single permission on that PF in EV anymore. The rights on the original folder in Exchange have not been touched and are still the same.

 

Running a DTRACE a see the following:

 

74571 10:39:14.139  [3176] (PublicFolderTask) <11652> EV:L {CFolderHelper::GetFolderSettings:#1109} Synchronising folder permissions for folder [Interne Systeme]
74572 10:39:14.139  [3176] (PublicFolderTask) <11652> EV:M CSynchHelper::SFP(Interne Systeme) - Opening PR_ACL_TABLE
74573 10:39:14.171  [3176] (PublicFolderTask) <11652> EV:M CSynchHelper::SFP(Interne Systeme) - Anonymous permissions exist on this folder
74574 10:39:14.171  [3176] (PublicFolderTask) <11652> EV:M CSynchHelper::SFP(Interne Systeme) - add permissions to dacl
74575 10:39:14.171  [3176] (PublicFolderTask) <11652> EV:M CSynchHelper::SFP(Interne Systeme) - Setting ANONYMOUS permissions to Security Descriptor, Grant Mask = 0x00000002
74576 10:39:14.171  [3176] (PublicFolderTask) <11652> EV:M CSynchHelper::SFP(Interne Systeme) - Set the dacl in the security descriptor
74577 10:39:14.171  [3176] (PublicFolderTask) <11652> EV:M CSynchHelper::SFP(Interne Systeme) - Not updating security descriptor in the database as it hasn't changed

 

I can see no errors and I don't know why the rights are no longer synchronized correctly. Even when i change the rights on the original PF, the messages from DTRACE look the same. It seems that EV is not able to get the original rights anymore.

 

Any help is very welcome and thanks in advance!

 

1 ACCEPTED SOLUTION

Accepted Solutions

KarlW
Level 6
Employee

Have you checked the replica schedule and that the correct public folder database is set for the mailbox DB of the system mailbox?  If there are multiple replicas for this folder have you left enough time for the replication to occur before synchronizing?

It may also be worthwhile getting a folder permission dump from Exchange 2010 management shell (get-publicfolderclientpermission) to check this corresponds with Outlook.

It could also be a folder higher in the tree has lost its permissions, any break in the permission chain means  the lower folders won't be visible in Archive Explorer.

Thanks

Karl

View solution in original post

11 REPLIES 11

LCT
Level 6
Accredited Certified

What permisions are showing on the PF archive(s) after you have synched the permisions again?

StefanPh
Level 3

The permission list is still completely empty (attachment shows what I mean with completely empty ;-)), while there are several permissions on the original PF. Syncing the permissions is done every night with the Public Folder Task. To get a fast result I used "run now" on the PF-Task to the get permissions synced.

LCT
Level 6
Accredited Certified

Could you enable the dtrace and then perform a sync. on the PF task properties, there should be a synchronise tab (i believe) been a while since i touched PF folder archiving. A 'run now' won't sync the permissions.

StefanPh
Level 3

There is no manual synchronisization for PF. This is part of the regular task, including "run now" and this even in report mode. Sync-Tabs are only available for File und Mailboxes. I just checked this and also got this confirmed checking the EV-Forum.

 

As far as I can see now, only the rights for Anomymous and "Authenticated Users" are synced. So when I change the permission for Anonymous, those changes are perfectly synced. Only the permissions for everyone else are completely ignored.

JesusWept3
Level 6
Partner Accredited Certified

You're right that you do a run now to get the permissions.
quick question though, what version of exchange is this?

https://www.linkedin.com/in/alex-allen-turl-07370146

StefanPh
Level 3

It is a Exchange 2010 Server.

JesusWept3
Level 6
Partner Accredited Certified

hold on a second, are you determining the permissions based on the archive properties in the VAC?
What happens when you view it through PermissionsBrowser.exe instead?

https://www.linkedin.com/in/alex-allen-turl-07370146

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

Further to what JW2 said, please use this:

How to use Permissions Browser to verify permissions on Public Folders

Article: TECH56331  |  Created: 2007-01-20  |  Updated: 2010-12-16  |  Article URL http://www.symantec.com/docs/TECH56331

 

StefanPh
Level 3

In the VAC the permission list for this public folder archive is completely empty. Looking through PermissionsBrowser I see, that there is Anonymous set. I made an screenshot (attachment) to show you how it looks like in PermissionsBrowser.

StefanPh
Level 3

I worked through this document and used the Permissions Browser to see, that Anonymous has some rights set but no one else. When I change the rights on the Public Folder via Outlook and do a Run Now on the PF-Task, the changed rights for Anonymous are synced to EV. The rights for everyone else on this PF are NOT synced to EV.

KarlW
Level 6
Employee

Have you checked the replica schedule and that the correct public folder database is set for the mailbox DB of the system mailbox?  If there are multiple replicas for this folder have you left enough time for the replication to occur before synchronizing?

It may also be worthwhile getting a folder permission dump from Exchange 2010 management shell (get-publicfolderclientpermission) to check this corresponds with Outlook.

It could also be a folder higher in the tree has lost its permissions, any break in the permission chain means  the lower folders won't be visible in Archive Explorer.

Thanks

Karl