CRM email router income account for exchange 2010 RRS feed

  • Question

  • Hi all,

    I have some issues with the income configuration with exchange 2010. The permission control changed in 2010. L

    I can make the connection fine when I configure the access credentials to be my account (domain + enterprise admin, Exchange organization manager)

    I think that isn't good enough because it is a personal account

    The problem comes when I change to different access credentials
    I tried to use Local system account but it said

    Error “The account does not have permissions to impersonate the requested user” occurs when you connect the Microsoft Dynamics E-mail Router to Microsoft Exchange 2010

    Then I found KB http://support.microsoft.com/kb/2015567
    I have added the system as organization manager, recipient manage and record manager. I am really not sure what permission it need to manage the recipient mailbox in 2010 (I though should be either recipient manager or organization manager)


    Any idea?

    Best Regard Vincent L
    Friday, March 5, 2010 3:34 PM


  • All right,

    I spend almost a day on this issues and found the fix. >"<

    This issue on apply to Exchange 2010 sine the ACL security approach is changed in 2010.
    In order to make Email router work for Exchange 2010. The connection account need to have Impersonation permission to all mailbox that you want to track in CRM.

    To make it work, I created a new Service account in AD. You can use the computer account but you need to re-apply the permission if you want to change the email router host.
    Than to modify and run the following script in Exchange Management Shell (you can use server name in the user)
    new-ManagementRoleAssignment -Name:"YourAssignmentName" -Role:ApplicationImpersonation -User:"domain\user"

    What it does is assign Impersonation permission(to all mailbox) to your specified user.
    You can also create a scope to limit what mailbox it can be Impersonation. see New-ManagementScope in http://technet.microsoft.com/en-us/library/dd335137.aspx

    after that you can run this script to verify it is created correctly
    Get-ManagementRoleAssignment "YourAssignmentName" | Format-List

    I wait another 5-10 minutes before it is populated and ran the test Access in CRM email router and it show all success :)

    Support reading
    Best Regard Vincent L
    • Marked as answer by Vincent L Saturday, March 6, 2010 2:27 PM
    Saturday, March 6, 2010 2:25 PM