For Exchange Server 2010 users the following error message is a commonplace:
“The account ‘DomainAdministrator’ provided valid credentials, but is not authorized to use the server; failing authentication.
Event ID: 1020”
Elucidation:
The aformentioned error event is an indication of missing permissions on the receive connector. If the user account does not have MS-Exch-SMTP-Submit permissions then it is not authorized. This error occues when the user account does not have the authority to use Microsoft Exchange Server 2010 Hub Transport Server or Edge Transport Server that contains Receive connector, though the same account possesses the authority to use the Receive connector for inbound messages.
Pre-defined permission groups are assigned to Receive connectors. These permission groups contain pre-defined set of permissions granted to security principals that include users, computers and security groups. Using these permission groups the Receive connectors define the entities that can submit messages to it and the permissions assigned to those entities. In order to submit messages using the Receive connector a user account must possess MS-Exch-SMTP-Submit permissions.
Microsoft Exchange Server 2010 has pre-defined permission groups that can not be modified. Moreover, additional permission groups can not be created.
Resolve:
Being a MS Exchange user, if you are bugged down by the above stated error you need to verify that the user account has MS-Exch-SMTP-Submit permissions assigned on the appropriate Receive connectors on the Hub Transport Server or Edge Transport Server.
To grant the required permissions follow these steps:
- Go to Exchange Management Shell
- Run Get-ReceiveConnector
- Note down the identity of the Receive connector on the server
- See the current permissions owned by the user by:
Get-ReceiveConnector -Identity “SERVERNAMEDefault SERVERNAME” | Get-AdPermission -User UsernameHere | Format-Table -View User
- Run this command to add permissions for the user:
Add-AdPermission -Identity “Default SERVERNAME” -User Username -ExtendedRights MS-Exch-SMTP-Submit
If the above resolve does not solve the problem, then you can turn to Microsoft Exchange tools to troubleshoot this problematic event warning. These tools can be run from the Exchange Management Console.