Resolving Permissions Issue for Mailbox Collection in Exchange Environment

Problem

The technical issue involved a permissions error when attempting to run a Collection against mailboxes within an Exchange environment. Despite ensuring that the source account had "Full Access" permissions to the mailboxes, the Collection process failed, impacting the ability to collect data from the mailboxes, which were critical for ongoing investigations. Symptoms included: - Error messages indicating insufficient permissions.
 

Error Message

The following error messages were observed during troubleshooting:

"Error code: 15003, Error Message: OpenMsgStore failed…Make sure that the source account has full access permission on …" (eDP Version 9.5).
"Status code 440,856 [#440856] Unexpected error…" (eDP Version 10.3).

These error messages indicate that the source account lacks the necessary permissions to access the mailboxes, despite Full Access permissions being validated using Exchange Management Shell commands.

Cause

Solution

To resolve the issue, the following steps were implemented:

1. Log on to the eDP server using the account with the System Manager role.
2. Use the Clearwell Utility to "Stop All Clearwell Services" (option 3).
3. Remove Microsoft Office from the Programs and Features Control Panel.
4. Reboot the server.
5. Repeat steps 1 and 2 above.
6. Install Microsoft Office 2019. Example:
   • 
7. Confirm a proper installation by launching Outlook and log on to Exchange to view the Inbox of the admin account.
8. Close Outlook.
9. Navigate to the eDP home page in a browser.
10. An account dedicated for Exchange Collections should be configured in eDP.
    • All Collections > Source Accounts > Exchange Collector.
    • Note the account used for this process (Example in yellow below):
      
11. Log off the eDP server and back on as this Exchange Collector account.
    • In the example above, it is edp\ex_collector.
    • Confirm that this account is a member of the local Administrators group.
12. Open REGEDIT and navigate to the following:
    • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
13. Delete each of the KEY’s on the left side that are beneath the Outlook key.
    • One may optionally export the Outlook key for safe keeping before deleting it.
    • Note that there may not be any lower level KEY's.
14. Close REGEDIT.
15. Open the Windows Control Panel.
16. Set “View by” (upper right) to be “Small Icons”.
17. Click on Mail (Microsoft Outlook) (32-bit).
18. Click Show Profiles.
19. Remove any profile listed in this window > click OK to close.
20. Open Outlook.
21. Continue through the setup of Outlook:
    • Enter the email address (for the logged on Exchange Collector account) > Connect.
    • Click "Exchange".
    • Uncheck the Outlook Mobile checkbox.
    • Click OK.
22. Once Outlook is connected to the mailbox, confirm that the mailboxes that were failing to be collected are listed in the left navigation pane.
    • NOTE: If each of these mailboxes do not exist, there is something wrong with Exchange and/or permissions. eDP is not active at this point. It is only AD, Outlook, and Exchange. Please contact an Exchange support team or follow the solution provided in KB 100044925 in the related article below.
    • Close Outlook.
23. Logoff.
24. Log back in to eDP using an admin account, or the account being used to perform the collection and open the browser interface for eDP.
25. Perform the collection that has previously failed.

Related Articles

eDP On-Premise Exchange Collection is denied access even though the Source Account has 'Full Access':
https://www.veritas.com/content/support/en_US/article.100044925.html