Troubleshooting Exchange Server 2007 Event ID 1020

By | January 11, 2012

For Exchange Server 2007 users the following error message is a commonplace:

“The account ‘Domain\Administrator’ provided valid credentials, but is not authorized to use the server; failing authentication.

Event ID: 1020”

Elucidation:

The aformentioned error event is an indication of missing permissions on the receive connector. If the user account does not have MS-Exch-SMTP-Submit permissions then it is not authorized. This error occues when the user account does not have the authority to use Microsoft Exchange Server 2007 Hub Transport Server or Edge Transport Server that contains Receive connector, though the same account possesses the authority to use the Receive connector for inbound messages.

Pre-defined permission groups are assigned to Receive connectors. These permission groups contain pre-defined set of permissions granted to security principals that include users, computers and security groups. Using these permission groups the Receive connectors define the entities that can submit messages to it and the permissions assigned to those entities. In order to submit messages using the Receive connector a user account must possess MS-Exch-SMTP-Submit permissions.

Microsoft Exchange Server 2007 has pre-defined permission groups that can not be modified. Moreover, additional permission groups can not be created.

Resolve:

Being a MS Exchange user, if you are bugged down by the above stated error you need to verify that the user account has MS-Exch-SMTP-Submit permissions assigned on the appropriate Receive connectors on the Hub Transport Server or Edge Transport Server.

To grant the required permissions follow these steps:

  • Go to Exchange Management Shell
  • Run Get-ReceiveConnector
  • Note down the identity of the Receive connector on the server
  • See the current permissions owned by the user by:

Get-ReceiveConnector -Identity “SERVERNAME\Default SERVERNAME” | Get-AdPermission -User UsernameHere | Format-Table -View User

  • Run this command to add permissions for the user:

Add-AdPermission -Identity “Default SERVERNAME” -User Username -ExtendedRights MS-Exch-SMTP-Submit

If the above resolve does not solve the problem, then you can turn to Microsoft Exchange tools to troubleshoot this problematic event warning. These tools can be run from the Exchange Management Console. If the error persists due to corruption in Exchange Server 2007, then a sagacious approach becomes the aid of third party Exchange Server Recovery tools. Coupious utilities to recover Exchange server due to multifarious reasons of corruption are available on-line. These software support major versions of Exchange Server and have an interactive GUI, for use by both novice users and savvy Exchange professionals.

About the guest post author: Cauvery Varma is a technology specialist, working with Stellar Information Systems Limited. She is a passionate blogger who writes helpful articles about Exchange Server Recovery tools.