How to deal with an error in configuring 'Incoming E-mail settings'?

Let me start with my first technical post about Email enabled Lists or Email enabled Document Libraries:

Symptoms:  

Suppose that one fine day you decide to use e-mail enabled lists in SharePoint 2007. You configure "Incoming E-mail Settings" on the Central Administration page [related information is here: https://technet.microsoft.com/en-us/library/cc288433.aspx]. You select 'Yes' for the option 'Use the SharePoint Directory Management Service to create distribution groups and contacts?' and provide the necessary information, such as the Organizational Unit (OU) and Domain Controller (DC).

After completing the configuration, you start to configure a document library or a list to accept incoming e-mail. Once you click the OK button on that page, you may receive the following in the web page:

Error

Error in the application

You check the application event log and you may not see any specific entry for this error.

Then you look into the SharePoint ULS log and you may find this entry:

Application error when access /_layouts/EmailSettings.aspx, Error=Error in the application.
at Microsoft.SharePoint.SPList.UpdateDirectoryManagementService(String oldAlias, String newAlias)
at Microsoft.SharePoint.SPList.Update(Boolean bFromMigration)
at Microsoft.SharePoint.SPList.Update()
at Microsoft.SharePoint.ApplicationPages.EmailSettingsPage.SubmitButton_Click(Object sender, EventArgs args)
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

If you disable custom errors for the associated web application in its web.config file, you may get the web page with this information:

Error in the application. at Microsoft.SharePoint.SPList.UpdateDirectoryManagementService(String oldAlias, String newAlias)
at Microsoft.SharePoint.SPList.Update(Boolean bFromMigration)
at Microsoft.SharePoint.SPList.Update()
at Microsoft.SharePoint.ApplicationPages.EmailSettingsPage.SubmitButton_Click(Object sender, EventArgs args)
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

NOTE: Sometimes this issue may occur when you try to disable the Incoming e-mail settings option for a document library or a list. To resolve the issue in that case, follow "For Situation 3:" in the section "How to resolve these situations?".

Why do we get this error?

Situation 1. Application pool account that is used for the Central administration may be different from that of the web application on which you configure incoming e-mail settings.

This situation may also happen:

- if you had both Central admin and Web application service in a server

- and you moved the Central admin to a different server after some time.

In this situation, you may have two different application pool accounts, one for the Central admin. and one for the web app (obviously on different machines). Let us call the boxes:

Box A = Central admin. = AppPoolAccount-X
Box B = Web application = AppPoolAccount-Y

Situation 2. Your Active Directory may not have these attributes in it:

ms-Exch-mail-Nickname and
ms-Exch-RequireAuthToSendTo

Situation 3. The application pool account that is used for the Central admin. may not have necessary permissions in the Active Directory to create or delete objects.

How to resolve these situations?

For Situation 1:

Method 1:  If Central admin and the related web application are in the same server:

Change the application pool account to be the same for both Central admin. site and the web application.

Method 2: If Central admin. is in a different server:

1. Enable the "Windows SharePoint Services Web Application" service via the "Services on Server" on the box running the Central Admin service.

2. Create a new dummy application pool on the Box A running Central Admin and set it to run using AppPoolAccount-Y. Note that this application pool does not need to be associated with any virtual server in IIS.

For Situation 2:

This situation normally occurs if Exchange 2003/2007 is not installed [properly] in the DC.

So, how to verify whether the required attributes are available?

- Log on to the Domain Controller. Install Windows support tools from the SUPPORT\TOOLS folder of the Windows installation CD.

- Click "Start" > "Run"; type "adsiedit.msc" (without quotes).

- Expand the Schema node and click "CN=Schema, CN=Configuration,DC=Name-of-DC,DC=com".

- Check whether you can find the two attributes "CN=ms-Exch-mail-Nickname" and "CN=ms-Exch-RequireAuthToSendTo".

If the attributes are not available, running the Exchange setup with setup /forestprep will automatically register the two required attributes in Active Directory.
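The same schema check can be scripted instead of browsing in ADSI Edit. This is an added example, not part of the original post; it assumes the LDAP display names `mailNickname` and `msExchRequireAuthToSendTo` correspond to the two attributes named above, and that it is run by a domain user on a domain-joined machine.

```powershell
# Added example: check the AD schema for the two attributes SharePoint's
# Directory Management Service needs. Read-only; changes nothing.
# Assumption: these LDAP display names map to the attributes named in the post.
$expected = @{
    'mailNickname'              = 'ms-Exch-mail-Nickname'
    'msExchRequireAuthToSendTo' = 'ms-Exch-RequireAuthToSendTo'
}

function Test-SchemaAttribute {
    param([string]$LdapDisplayName, [string]$SchemaDn)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$SchemaDn"
    $searcher.SearchScope = 'OneLevel'      # attribute definitions sit directly under the schema container
    $searcher.Filter      = "(&(objectClass=attributeSchema)(lDAPDisplayName=$LdapDisplayName))"
    [void]$searcher.PropertiesToLoad.Add('cn')
    return ($null -ne $searcher.FindOne())
}

# RootDSE tells us where the schema partition lives, so no DN is hard-coded.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaDn = "$($rootDse.schemaNamingContext)"

$missing = @()
foreach ($name in $expected.Keys) {
    $present = Test-SchemaAttribute -LdapDisplayName $name -SchemaDn $schemaDn
    "{0,-28} ({1}): {2}" -f $name, $expected[$name], $(if ($present) { 'present' } else { 'MISSING' })
    if (-not $present) { $missing += $name }
}

if ($missing.Count -gt 0) {
    "Schema has not been extended for Exchange; Situation 2 applies."
} else {
    "Both attributes exist; look at Situation 1 or 3 instead."
}
```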

For Situation 3:

To be able to enable an email enabled list when using the "Directory Management Service" in WSS/MOSS 2007, the application pool account used for the Central admin. should have delegated Full Control of the OU that is to be used for creating contacts for SharePoint in the Active Directory.

To delegate Full Control for the application pool account, follow these steps:

1. In 'Active Directory Users and Computers', right click on the required OU and select "Delegate Control".
2. Click Next and then click Add.
3. Enter the account name that is used as the app. pool account for the Central Admin site and then select OK.
4. Select Next; then select the "Create a custom task to delegate" radio button. Select Next.
5. Select the "This folder, existing objects in this folder, and creation of new objects in this folder" radio button if required. Select Next.
6. In the Permissions section, select these permissions:

"Create all Child Objects" and

"Delete all Child Objects"

7. Click Next and then click Finish.

With the above setting you may be able to enable email on a list but you will fail when attempting to disable it. Then, what are we missing here?

The failure is due to the fact that we are attempting to delete the contact from the OU. To resolve the failure when disabling the email, you will need to add one additional right to the admin account.

Now let us see how to set the security options for the OU:

1. In Active Directory Users and Computers, select View menu and select "Advanced Features" if it is not selected.
2. Right click on the required OU and select Properties.
3. Select the Security tab and then select the Advanced button.
4. From the Permission Entries section, double-click on the application pool account to which you delegated rights as mentioned above.
5. Select the option "Delete Subtree" that is listed under Permissions.
6. Click OK twice; then restart IIS on the SharePoint box.
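To confirm what the two procedures above actually granted, the OU's access control list can be read back and compared with the three rights they select. This is an added example, not part of the original post; the OU distinguished name and the account name are hypothetical placeholders to replace with your own.

```powershell
# Added example: read-only audit of the rights an account holds on the OU.
# Hypothetical placeholders: replace with your OU and Central Admin app pool account.
$ouDn    = 'OU=SharePointContacts,DC=example,DC=com'
$account = 'EXAMPLE\AppPoolAccount-X'

# Rights selected in the steps above: Create/Delete all Child Objects, Delete Subtree.
$needed = 'CreateChild', 'DeleteChild', 'DeleteTree'

$ou    = [ADSI]"LDAP://$ouDn"
$rules = $ou.psbase.ObjectSecurity.GetAccessRules(
             $true,    # explicit entries
             $true,    # inherited entries
             [System.Security.Principal.NTAccount]) |
         Where-Object {
             $_.IdentityReference.Value -eq $account -and
             $_.AccessControlType -eq 'Allow'
         }

# Combine every Allow entry for the account into one bit mask.
$granted = 0
foreach ($rule in $rules) {
    $granted = $granted -bor [int]$rule.ActiveDirectoryRights
}

foreach ($name in $needed) {
    $flag = [int][System.DirectoryServices.ActiveDirectoryRights]$name
    $ok   = ($granted -band $flag) -eq $flag
    "{0,-12}: {1}" -f $name, $(if ($ok) { 'granted' } else { 'NOT granted' })
}

# GenericAll (Full Control) also satisfies the checks above, but it is broader
# than the three rights the steps select, so report it separately.
$full = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
if (($granted -band $full) -eq $full) {
    "Note: $account holds Full Control on this OU, more than the three rights listed."
}
```

If "DeleteTree" shows as not granted, enabling e-mail on a list will work but disabling it will fail, which is the behaviour described above.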

Thanks for visiting my blog! - Jagadeesh. P