Received the following error message,“The server to which the application is connected cannot impersonate the requested user due to insufficient permission,” when validating a mailbox that pointed to different account (i.e. 7777@garzafx.com) for delivering voicemail to support@garzafx.com.
Here is the technical background for the scenario.
a) Coexistence for Exchange 2007 SP3and Exchange 2013 CU1.
b) Cisco Unity Connection Server version 9.1.2TT1.11900-2TT1.
c) PowerShell command new-ManagementRoleAssignment -Name:RoleName
-Role:ApplicationImpersonation -User:’Account’ applied to Exchange 2013 environment per Cisco article Configuring Cisco Unity Connection 9x and Microsoft Exchange for Unified Messaging.
d) Deleted and recreated the AD account and mailbox (7777@garzafx.com) and migrated back and forth between Exchange 2007 and Exchange 2013, same result.
The whole error message reads as follows:
HTTP status=[200] Diagnostic=[Failed extract folder ID ” from response] Verb=[POST] url=[https://192.168.5.13/EWS/Exchange.ASMX] request=[<?xml version=”1.0″ encoding=”utf-8″?> <soap:Envelope xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=”http://www.w3.org/2001/XMLSchema” xmlns:soap=”http://schemas.xmlsoap.org/soap/envelope/” xmlns:t=”http://schemas.microsoft.com/exchange/services/2006/types”> <soap:Header> <t:RequestServerVersion Version=”Exchange2007_SP1″/> <t:ExchangeImpersonation> <t:ConnectingSID> <t:PrimarySmtpAddress>support@garzafx.com </t:PrimarySmtpAddress> </t:ConnectingSID> </t:ExchangeImpersonation> </soap:Header> <soap:Body> <GetFolder xmlns=”http://schemas.microsoft.com/exchange/services/2006/messages” xmlns:t=”http://schemas.microsoft.com/exchange/services/2006/types”> <FolderShape> <t:BaseShape>Default</t:BaseShape> </FolderShape> <FolderIds> <t:DistinguishedFolderId Id=”deleteditems”> <t:Mailbox> <t:EmailAddress> support@garzafx.com </t:EmailAddress> </t:Mailbox> </t:DistinguishedFolderId> </FolderIds> </GetFolder> </soap:Body> </soap:Envelope> ] response=[<?xml version=”1.0″ encoding=”utf-8″?><s:Envelope xmlns:s=”http://schemas.xmlsoap.org/soap/envelope/”><s:Header><t:ServerVersionInfo MajorVersion=”8″ MinorVersion=”3″ MajorBuildNumber=”342″ MinorBuildNumber=”0″ Version=”Exchange2007_SP1″ xmlns:t=”http://schemas.microsoft.com/exchange/services/2006/types”/></s:Header><s:Body><soap:Fault xmlns:soap=”http://schemas.xmlsoap.org/soap/envelope/”><faultcode>soap:Client</faultcode><faultstring>The server to which the application is connected cannot impersonate the requested user due to insufficient permission.</faultstring><detail><e:ResponseCode xmlns:e=”http://schemas.microsoft.com/exchange/services/2006/errors”>ErrorImpersonationDenied</e:ResponseCode><e:Message xmlns:e=”http://schemas.microsoft.com/exchange/services/2006/errors”>The server to which the application is connected cannot impersonate the requested user due to insufficient permission.</e:Message></detail></soap:Fault></s:Body></s:Envelope>]
To fix this issue perform the following steps:
1. Logon to Cisco Unity Connection Server.
2. Select Users and Find target account (i.e. 7777).
3. Verify SMTP address matches the account (i.e. 7777@garzafx.com).
4. Under LDAP Integration Status, select DO NOT INTERGRATE with LDAP DIRECTORY.
5. Ensure LIST IN DIRECTORY is selected.
6. Click SAVE for changes.
7. Under EDIT USER BASICS choose EDIT then MESSAGE ACTIONS, ensure VOICEMAIL is set to ACCEPT AND RELAY THE MESSAGE.
8. Verify RELAY ADDRESS is set to the different mailbox (i.e. support@garzafx.com).
9. Go to SMTP ADDRESSES ADD PROXY ADDRESS support@garzafx.com and click SAVE.
10. Go to UNIFIED MESSAGING ACCOUNT, under ACCOUNT INFORMATION select option for USE THIS EMAIL ADDRESS enter: support@garzafx.com.
11. Click SAVE, then TEST.
Successfully test results should look like the following:
Task Execution Results
Severity Issue Recommendation Details
The validation results for the user unified messaging service account 7777@garzafx.com with service GFX-Exchange-2013 are the following: Service “GFX-Exchange-2013”: AuthenticationMode=NTLM [use HTTPS/no-validate] Server=[192.168.5.13] Type=[Exchange 2007/2010] Username=[gfx\gfx_svc2013]
Mailbox 7777@garzafx.com was successfully accessed. Connected to 192.168.5.13 using EWS.
Read more:
Configuring Cisco Unity Connection 9x and Microsoft Exchange for Unified Messaging (CISCO)
garzafx 
Hello, We have the same issue with 2 users out of 7300.
I followed your steps but when I got the step to Relay the Message it asked for a Smart Host. We do not have that.
Any thoughts?
Thanks for your help.
LikeLike
Smart host should equal your mail server.
LikeLike