After recently doing an Exchange 2007 SP2 Upgrade and Rollup 1 for SP2, I encountered an issue with Impersonation. I’m assuming this happened due to the SP2 Upgrade, not the Rollup, but be cognizant of the issue either way. For this upgrade, Geomant Message Waiting Indicator (MWI) for Exchange 2007 Unified Messaging was being utilized. Geomant MWI utilized Impersonation in order to light up the telephone when the user receives a voicemail. This stopped working after the SP2/RU1 was applied to the system.

The issue

The error message we saw was as follows:

2009-12-17 22:56:37,744 ERROR Com.Geomant.Exchange12.MWIService.ExchConnector – Failed to create search folder by using WebService for user: CN=Lastname\, Firstname,OU=OUHERE,DC=domain,DC=tld. Reason: The server to which the application is connected cannot impersonate the requested user due to insufficient permission. [1488]

2009-12-17 22:56:37,760 ERROR Com.Geomant.Exchange12.MWIService.ExchConnector – Failed to subscribe the user: CN=Lastname\, Firstname,OU=OUHERE,DC=domain,DC=tld for Exchange events.  [1488]

The fix

Run the commands that grant the service account the impersonation rights it previously had. Refer to the documentation originally used for granting impersonation. In the case of MWI, the following two commands were run:

Get-ExchangeServer | Add-ADPermission -User DOMAIN\MWISERVICE -extendedRights ms-Exch-EPI-Impersonation -InheritanceType none

Get-MailboxDatabase | Add-ADPermission -User DOMAIN\MWISERVICE -extendedRights ms-Exch-EPI-May-Impersonate -InheritanceType none
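
To confirm the rights are actually in place after an upgrade or after re-running the fix, the two grants above can be audited from the Exchange Management Shell. This is an added example, not part of the original post or Geomant's documentation; Test-ImpersonationAce is a hypothetical helper name, and DOMAIN\MWISERVICE is the same placeholder account used above.

```powershell
# Added example: report whether the service account still holds the two
# impersonation rights granted by the fix. Run in the Exchange Management Shell.
$account = 'DOMAIN\MWISERVICE'   # placeholder account name, as in the commands above

# Hypothetical helper: $true when $user has an allow ACE carrying $right on $dn.
function Test-ImpersonationAce([string]$dn, [string]$user, [string]$right) {
    $aces = @(Get-ADPermission -Identity $dn -User $user |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })
    return ($aces.Count -gt 0)
}

# Pair each object with the right the fix grants on it:
# servers get ms-Exch-EPI-Impersonation, databases get ms-Exch-EPI-May-Impersonate.
$checks = @()
Get-ExchangeServer | ForEach-Object {
    $checks += ,@($_.Name, $_.DistinguishedName, 'ms-Exch-EPI-Impersonation')
}
Get-MailboxDatabase | ForEach-Object {
    $checks += ,@("$($_.Identity)", $_.DistinguishedName, 'ms-Exch-EPI-May-Impersonate')
}

# One row per object; Granted = False marks where the grant is missing.
foreach ($c in $checks) {
    $row = New-Object PSObject
    $row | Add-Member NoteProperty Object  $c[0]
    $row | Add-Member NoteProperty Right   $c[2]
    $row | Add-Member NoteProperty Granted (Test-ImpersonationAce $c[1] $account $c[2])
    $row
}
```

Any row showing Granted as False identifies a server or mailbox database where the corresponding Add-ADPermission command needs to be run again. Running the same check against other accounts shows who else holds impersonation rights, which is worth reviewing since these rights allow acting as any mailbox user.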