Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Tue, 24 Jun 2008 08:47:12 -0700 (PDT),    group: microsoft.public.exchange.admin        back       


Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
I'm rolling out a new Exchange 2007 in the same domain as one where my
Exchange 2003 server exists.  One problem I'm having with my pilot
migration group is that the users moved from Exchange 2003 to Exchange
2007 cannot use OWA.  They get the following error:

---

Exception
Exception type:
Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext
owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext
owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext
owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext
owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext
owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on (domain
controller) This error is not retriable. Additional information:
Insufficient access rights to perform the operation. Active directory
response: 00002098: SecErr: DSID-03150A45, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0

Call stack

Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection
connection, DirectoryRequest request, DirectoryException de, Int32&
retries, Int32 maxRetries)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject
instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()

Inner Exception
Exception type:
System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.

Call stack

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
messageId, LdapOperation operation, ResultAll resultType, TimeSpan
requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest
request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest
request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
entry, DirectoryRequest request, ADObjectId originalId)

----

A mailbox created on the Exchange 2007 server has no problem at all.
I compared the permissions of both mailboxes, and there are no
differences at all.  Both are user mailboxes, in the same ou, etc.  I
imagine the problem may be buried deeper in AD in a not-so-obvious
place.  Some of the users I've migrated are seen as "Linked
Mailboxes", but I suppose that is from having an "Associated External
Account" as a legacy setting from when we had another domain.  Still,
the behavior is consistent between both mailbox types.

It'd be nice to be able to migrate users and have them access OWA.

Pete
date: Tue, 24 Jun 2008 08:47:12 -0700 (PDT)   author:   Peter Venkman

Re: Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
set-mailbox username -applymandatoryproperties. Don't create the
mailboxes using ADUC; use Exchange 2007 EMC or shell. Use the Shell or
EMC to move mailboxes as well.



James Chong (MVP)
MCITP | EMA; MCSE | M, S,
Security, Project, ITIL
msexchangetips.blogspot.com

On Jun 24, 11:47 am, Peter Venkman  wrote:
> I'm rolling out a new Exchange 2007 in the same domain as one where my
> Exchange 2003 server exists.  One problem I'm having with my pilot
> migration group is that the users moved from Exchange 2003 to Exchange
> 2007 cannot use OWA.  They get the following error:
>
> ---
>
> Exception
> Exception type:
> Microsoft.Exchange.Data.Storage.StoragePermanentException
> Exception message: There was a problem accessing Active Directory.
>
> Call stack
>
> Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostL­ocally(OwaContext
> owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
> timeZoneKeyName, Boolean isOptimized)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostR­equest(OwaContext
> owaContext)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithout­Session(OwaContext
> owaContext, UserContextCookie userContextCookie)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchReque­st(OwaContext
> owaContext)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaCo­ntext
> owaContext)
> System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplicatio­n.IExecutionStep.Execute()
> System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously)
>
> Inner Exception
> Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
> Exception message: Active Directory operation failed on (domain
> controller) This error is not retriable. Additional information:
> Insufficient access rights to perform the operation. Active directory
> response: 00002098: SecErr: DSID-03150A45, problem 4003
> (INSUFF_ACCESS_RIGHTS), data 0
>
> Call stack
>
> Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLda­pConnection
> connection, DirectoryRequest request, DirectoryException de, Int32&
> retries, Int32 maxRetries)
> Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRa­wEntry
> entry, DirectoryRequest request, ADObjectId originalId)
> Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject
> instanceToSave, IEnumerable`1 properties)
> Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
>
> Inner Exception
> Exception type:
> System.DirectoryServices.Protocols.DirectoryOperationException
> Exception message: The user has insufficient access rights.
>
> Call stack
>
> System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
> messageId, LdapOperation operation, ResultAll resultType, TimeSpan
> requestTimeOut, Boolean exceptionOnTimeOut)
> System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequ­est
> request, TimeSpan requestTimeout)
> Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(Director­yRequest
> request, LdapOperation ldapOperation)
> Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRa­wEntry
> entry, DirectoryRequest request, ADObjectId originalId)
>
> ----
>
> A mailbox created on the Exchange 2007 server has no problem at all.
> I compared the permissions of both mailboxes, and there are no
> differences at all.  Both are user mailboxes, in the same ou, etc.  I
> imagine the problem may be buried deeper in AD in a not-so-obvious
> place.  Some of the users I've migrated are seen as "Linked
> Mailboxes", but I suppose that is from having an "Associated External
> Account" as a legacy setting from when we had another domain.  Still,
> the behavior is consistent between both mailbox types.
>
> It'd be nice to be able to migrate users and have them access OWA.
>
> Pete
date: Tue, 24 Jun 2008 10:27:52 -0700 (PDT)   author:   Jamestechman

Re: Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
Thanks for the reply, James.  That was one of the first things I
attempted after finding it when I googled this error.  It did not
work.  Would I need to restart Exchange?  I also found the notes on
security permissions on the Users OU and at the root level of the
domain.  Both of those were already set as they should be.

I moved these mailboxes from Exchange 2003 to Exchange 2007 using the
Exchange 2007 Management Console.  Likewise, the Exchange 2007 mailbox
I created and which works fine with OWA was created in the Exchange
2007 Management Console.   Any other possibilities?

Thanks.

Pete
date: Tue, 24 Jun 2008 10:44:27 -0700 (PDT)   author:   Peter Venkman

Re: Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
No restart of services necessary. Try the following on one account.

Try Set-Mailbox alias -Type Regular




James Chong (MVP)
MCITP | EMA; MCSE | M, S,
Security, Project, ITIL
msexchangetips.blogspot.com

On Jun 24, 1:44 pm, Peter Venkman  wrote:
> Thanks for the reply, James.  That was one of the first things I
> attempted after finding it when I googled this error.  It did not
> work.  Would I need to restart Exchange?  I also found the notes on
> security permissions on the Users OU and at the root level of the
> domain.  Both of those were already set as they should be.
>
> I moved these mailboxes from Exchange 2003 to Exchange 2007 using the
> Exchange 2007 Management Console.  Likewise, the Exchange 2007 mailbox
> I created and which works fine with OWA was created in the Exchange
> 2007 Management Console.   Any other possibilities?
>
> Thanks.
>
> Pete
date: Tue, 24 Jun 2008 10:48:44 -0700 (PDT)   author:   Jamestechman

Re: Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
Thanks again, James.  That actually produces an error to the tune of
"No mailbox conversion is required because the mailbox "mailboxname"
is already of the type "Regular".

I may add the command you had listed before did change the accounts
that were marked as "Linked Mailboxes" to "User Mailboxes" when I ran
it after finding it on internet search.  Still no joy though.  The
same exact error persists.

Pete
date: Tue, 24 Jun 2008 11:52:01 -0700 (PDT)   author:   Peter Venkman

Re: Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
See if permission inheritance is checked on these accounts. Go to the
properties of the user in ADUC; go to security tab; advanced. Is allow
inheritable... checked?




James Chong (MVP)
MCITP | EMA; MCSE | M, S,
Security, Project, ITIL
msexchangetips.blogspot.com

On Jun 24, 2:52 pm, Peter Venkman  wrote:
> Thanks again, James.  That actually produces an error to the tune of
> "No mailbox conversion is required because the mailbox "mailboxname"
> is already of the type "Regular".
>
> I may add the command you had listed before did change the accounts
> that were marked as "Linked Mailboxes" to "User Mailboxes" when I ran
> it after finding it on internet search.  Still no joy though.  The
> same exact error persists.
>
> Pete
date: Tue, 24 Jun 2008 12:17:03 -0700 (PDT)   author:   Jamestechman

Re: Exchange 2007 - Migrated Mailboxes Cannot Access OWA    
That was it.  Good catch, and thanks for the help!  Now onto my next
problem.  :)

Pete
date: Tue, 24 Jun 2008 12:55:44 -0700 (PDT)   author:   Peter Venkman

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us