What Does The Delegate Settings Were Not Saved Correctly?

The error message "The delegates settings were not saved correctly" indicates that your attempt to grant or modify delegate access in a Microsoft Outlook or Exchange environment has failed due to a permissions issue, a server synchronization problem, or a corrupted setting. This error prevents the designated delegate from being properly added, removed, or having their permissions changed, disrupting calendaring and mailbox management. The issue frequently involves the "Send on behalf of" permission, which Outlook tries to set by default, but fails to write to the user's object in Active Directory.

Common causes for the error

Insufficient permissions

The most frequent cause is that the user trying to set the delegate does not have the necessary "Write Personal Information" permissions on their own Active Directory (AD) object. This prevents the update from being written to the directory and replicated across the network. A few scenarios where this can occur include:

• Disabled SELF permissions: The "SELF" object, which represents the user themselves, may have restricted permissions, preventing them from modifying attributes on their own user object.
• Outdated Exchange role groups: In older Exchange Server deployments (such as Exchange 2013), a specific role group like MyMailboxDelegation may not have been properly added during the initial installation, causing permission failures.

Synchronization and replication issues

For an Outlook client to set delegate permissions, it must connect to a domain controller that can be written to. If your client connects to a read-only global catalog server that is not local to your domain, the publicDelegates attribute cannot be updated, and the save operation will fail. This is a classic symptom in large, multi-site network environments where AD replication is involved.

Corrupted mailbox or delegate information

Sometimes, the problem isn't related to Active Directory permissions but to a corrupted or out-of-date entry within the mailbox itself.

• Stale or invalid delegate entries: The delegate list might contain a user who has been deleted from the organization, an invalid entry, or a legacy entry from a previous mailbox migration. This invalid data can block any new changes from being saved.
• Hidden free/busy message corruption: A hidden message in the mailbox, which stores free/busy and delegate information, can become corrupted. If this occurs, Outlook cannot read or write new delegate information. This often presents with an additional error message, "Unable to activate free/busy information".
• Migration-related issues: Migrating a mailbox from an on-premises Exchange environment to Exchange Online can sometimes cause delegate permissions to disappear or become corrupt.

Configuration conflicts

Overlapping or misconfigured permissions can also cause the error. Conflicts can arise if permissions are assigned from different sources (e.g., through PowerShell cmdlets and the Outlook client simultaneously).

In-depth troubleshooting and resolution

Addressing this error requires a methodical approach, often starting with the Outlook client and escalating to server-side checks if necessary.

User-level troubleshooting (start here)

1. Remove and re-add the delegate: This simple step can sometimes clear a minor corruption.
   • Navigate to File > Account Settings > Delegate Access.
   • Remove the problematic delegate(s).
   • Close and restart Outlook.
   • Add the delegate(s) back with the desired permissions.
2. Run with the /cleanfreebusy switch (pre-Outlook 2016): This command-line switch can repair corrupted free/busy information.
   • Exit Outlook.
   • In the Run dialog (Windows Key + R), type outlook.exe /cleanfreebusy and press Enter.
   • After the process completes, re-add the delegates.
3. Check for invalid delegates: If a user is no longer with the organization, they may still be on the delegate list.
   • Remove any former employees or invalid mailbox users from the delegate list before attempting to save new changes.

Administrator-level solutions (for IT professionals)

1. Correct Active Directory permissions: This is the most common and definitive fix for the "insufficient permissions" error.
   • Log in to a Domain Controller with administrative rights.
   • Open Active Directory Users and Computers.
   • Enable Advanced Features from the View menu.
   • Navigate to the affected user's object and open its Properties.
   • On the Security tab, highlight the SELF account.
   • Ensure the Allow box is checked for "Write Personal Information". If it isn't, check it and click OK.
   • Allow time for AD replication, then have the user retry adding the delegate.
2. Use PowerShell to reset delegate permissions: This approach can resolve deep-seated corruption issues that client-side fixes cannot address.
   • Use the Remove-MailboxFolderPermission cmdlet with the -ResetDelegateUserCollection parameter to remove all delegate settings from the mailbox.
   • Example: Remove-MailboxFolderPermission -Identity <alias>:\Calendar -ResetDelegateUserCollection.
   • Use Add-MailboxFolderPermission to add the delegates back.
   • Example: Add-MailboxFolderPermission -Identity <alias>:\Calendar -User <delegate alias> -SharingPermissionFlag Delegate.
3. Use MFCMAPI to clean hidden data: For persistent corruption where PowerShell isn't an option, a technical administrator can use the low-level MFCMAPI tool.
   • Caution: This tool is for advanced users. Incorrect changes can cause significant mailbox damage.
   • Exit Outlook and download the tool.
   • Log in and navigate to the user's message store.
   • Delete the PR_FREEBUSY_ENTRYIDS property.
   • Delete the LocalFreebusy hidden message.
   • Remove any stale SCHEDULE+ EMS Interface rules from the Rules table.
   • Reconfigure the delegate settings in Outlook afterward.

Summary of troubleshooting flow

1. Begin with the simplest steps: On the user's computer, remove and re-add the delegate in Outlook.
2. Escalate to advanced user steps: If the first step fails, use the /cleanfreebusy switch (for pre-Outlook 2016 versions) to repair free/busy data.
3. Involve IT administration: If the issue persists, the cause is likely related to server-side permissions or corruption. The administrator should check Active Directory permissions for the "Write Personal Information" right.
4. Use advanced tools: For persistent or complex issues, IT can use PowerShell cmdlets or MFCMAPI to forcibly reset or repair the delegate settings on the mailbox.