Originally Posted by RemyJ
I wish it were that simple. My problem is that wireless calendar sync works fine but I get the "You do not have permission..." message when the mail agent tries to retrieve the meeting invite to send to the phone.
Our SAs are pretty good and they've been all over the permissions and cdo.dll versions and can't find anything wrong. In AD Users, the BESAdmin account shows as having full acces to the mailbox of the users, the "view only admin" on the admin group is set and the and the 3 permissions are set on the exchange server and both the mailstore and public folders store.
My guess: the BES account which is being used actually has too much permissions.... If for example this account is a member of the Domain Admins or has Exchange Full Admin Delegation (Exchange 200* only) the account has received a specific deny on the full mailbox access. Deny has presedence over Allow. So check the permission again (advanced) and look for any denied permissions.
To check: run the CMD gpresult.
The BES Account can only have the following permissions:
Domain: domain user
Local BES: member of the Administrator group and allowed to start services
Exchange: delegate control > Exchange view only admin on the Administrative group and 'Send As', 'Receive As' and 'Administer Information Store' on the Exchange server(s) level. In this case keep in mind you need inherited permissions on.
Nothing more, nothing less.