Tuesday, June 24, 2014

Office 365 public folders reject emails

Since two days mails to Office 365 (and probably MS hosted exchange too) are rejected.

The error message returned by the server have this error in them:

Remote Server returned '550 5.7.1 RESOLVER.RST.AuthRequired; authentication required [Stage: CreateMessage]'

 It seems that MS did change some policy/settings in the public folder management and did forgot to inform users and sys admins.

In non-hosted exchange environments, you had to set the CreateItem right on the email enabled public folders which should be able to receive (external) emails.
In office365 this was not required until a few days ago.

There are two ways to set the corresponding rights. For me, the way via Outlook did not work, since I did not see the ACL on the public folders in question.
But the way via PowerShell works just fine.

Do it the easy way (if it works)

Just open outlook and go to your email enabled folder(s) and do add the CreateMessage right for Anonymous access, as show in the following two printscreens.






If this does not work (or you have a lot of email enabled public folders), then you have to ressort to PowerShell

Do it via PowerShell

1. Start powershell as administrator (Only required if you need to change the execution policy )
2. Set the execution policy to allow signed remote code

Set-ExecutionPolicy RemoteSigned

3. Enter credentials for office365

$LiveCred = Get-Credential

4. Make a connection to office365

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

5. Import the cloud commands in your local powershell

Import-PSSession $Session –AllowClobber

6. Now set the CreateMessage right on all public folders recursively

Get-PublicFolder "\" -Recurse | Add-PublicFolderClientPermission -User Anonymous -AccessRights CreateItems
  
This changes the rights for all public folders. If you wish to set the right only for one public folder, thenyou can do it the same way, but instead of using the command in setp 6, you speicfy this command:

Add-PublicFolderClientPermission <path-to-folder> -User Anonymous -AccessRights createitems