If you ever tried to install Google Message Continuity (following as GMC) in Microsoft Exchange 2010 environment, you would notice that there are no clear instructions on how to configure permissions for GMC's account to access your user's mailboxes.
The Installation Guide tells something extremely general (as I think they mostly tested GMC with Exchange 2003/2007). This is what the installation guide tells:
Given the fact that permission module was completely redesigned with Exchange 2010, the above isn't enough at all to complete the GMC setup.
After investigating and many trial-and-errors I did earlier this week, I was able to successfully setup GMC in Exchange 2010 environment.
Here is the step-by-step instructions how to setup permissions on Exchange 2010 server:
Remark: All of my examples are referencing to user account for GMC Server as "GMCAdmin"
Open the Microsoft Exchange Management Shell.
- Type: Get-MailboxDatabase | Add-ADPermission -User "GMCAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
- Type: Add-RoleGroupMember "View-Only Organization Management" -Member "GMCAdmin"
- Type: Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "GMCAdmin" -Identity "OU=<organizational_unit>,DC=<domain_1>"
By default, Microsoft® Exchange 2010 limits the maximum number of connections from the to the Address Book service to 50. To permit the GMC Server to run, you must increase the number of permitted connections to a larger value
On the computer that hosts the Microsoft Exchange CAS server, in
<drive>:\Program Files\Microsoft\Exchange Server\V14\Bin
- Using a text editor, open themicrosoft.exchange.addressbook.service.exe.config file
- Change the value of the MaxSessionsPerUser key to 10000
- Save and close the file
- Restart the Address Book service
By default, Microsoft Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits as necessary. The policies affect the performance of the GMC Server, so you should turn off client throttling for the "GMCAdmin" account that has a Microsoft Exchange mailbox.
On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
- Type New-ThrottlingPolicy GMCPolicy
- Type the following command: Set-ThrottlingPolicy GMCPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
- Type Set-Mailbox "GMCAdmin" -ThrottlingPolicy GMCPolicy
When you're done, make sure you have configured the GMC service to run with "GMCAdmin" account and being logged-in to the server which runs this service as "GMCAdmin" as well.