An impersonation error occurred when connecting Microsoft Dynamics 365 to Exchange Server on-premises

This article provides a resolution for the issue that you may receive an error that states An impersonation error occurred in accessing the mailbox while sending the email message "Test Message" when trying to enable a mailbox.

Applies to:   Microsoft Dynamics CRM
Original KB number:   3189639

Symptoms

When Server-Side Synchronization is configured between Microsoft Dynamics 365 (online) and Microsoft Exchange Server (on-premises), you receive one of the following errors after attempting to enable a mailbox:

An impersonation error occurred in accessing the mailbox while sending the email message "Test Message". Mailbox <Mailbox name> didn't synchronize. The owner of the associated email server profile <Email Server Profile name> has been notified.

An impersonation error occurred in accessing the mailbox while receiving email. <Mailbox name> didn't synchronize. The owner of the associated email server profile <Email Server Profile name> has been notified.

When you select Details for one of the errors mentioned above, you may see details such as the following:

ActivityId: <GUID>
>Error : System.Web.Services.Protocols.SoapException: The account does not have permission to impersonate the requested user.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeServiceBinding.EndFindItem(IAsyncResult asyncResult)
at Microsoft.Crm.Asynchronous.EmailConnector.FindItemsStep.EndCall()
at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeIncomingEmailProviderStep.EndOperation()ActivityId: <GUID>
>Error : System.Web.Services.Protocols.SoapException: The account does not have permission to impersonate the requested user.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeServiceBinding.EndCreateItem(IAsyncResult asyncResult)
at Microsoft.Crm.Asynchronous.EmailConnector.ExchangeOutgoingEmailProvider.EndCreateItem()

Cause

This error can appear if the user account specified to access the mailbox does not have impersonation permissions for the mailbox. The account used to access the mailbox is provided within the Email Server Profile record associated with the Mailbox record in Microsoft Dynamics 365.

Resolution

Make sure the user account provided in the Email Server Profile record has impersonation permissions to each associated mailbox. Within a mailbox record in Microsoft Dynamics 365, you can select the Server Profile value and review which account is provided within the Credentials section of the Email Server Profile record.

For more information on configuring Exchange impersonation, see:

• Configure impersonation
• Configuring Exchange Impersonation in Exchange 2010
• Impersonation and EWS in Exchange