Exchange Server Forums

Exception message: Problem accessing Active Directory

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> Exception message: Problem accessing Active Directory

Page: [1]

Message

<< Older Topic Newer Topic >>

Exception message: Problem accessing Active Directory - 28.Feb.2008 6:19:46 AM

stevied

Posts: 20
Joined: 8.Sep.2004
From: England
Status: offline

A problem occurred while trying to use your mailbox. Please contact technical support for your organization

Request
Url: https://server:443/owa/lang.owa
User host address: xx.xx.xx.xx

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on server-DC1.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Call stack

Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()

Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.

Call stack

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

This is strange as some users can't access OWA, but others can. The NT Authority\Self and domain\exchange domain servers have full access to the mailbox.

Any ideas please?

Post #: 1

Featured Links*

RE: Exception message: Problem accessing Active Directory - 29.Feb.2008 5:15:53 PM

loculi

Posts: 38
Joined: 15.Sep.2005
Status: offline

Hi Steve,

Have you tried checking the user properties for the individuals running into this problem?

1. In ADUC, right-click their user object and choose properties

2. Click on the security tab, then advanced

3. Ensure, "Allow inheritable permissions from the parent to propagate to this object..." is checked, if not, check it.

4. Wait for AD to replicate, then try logging into OWA as that user.

This fixed the problem for me, although your mileage may vary.

Cheers

(in reply to stevied)

Post #: 2

RE: Exception message: Problem accessing Active Directory - 7.Mar.2008 10:21:44 PM

sterlingblue

Posts: 1
Joined: 7.Mar.2008
Status: offline

I'm assuming that you're using exchange 2007 here.

Open Exchange management shell on the Mailbox server.

get-mailbox <alias> |fl *type*,*ver*

Replace <alias> with the users alias.

Your results will include the following fields:

Recipienttype: Usermailbox

and I suspect you'll see these one as well:
Recipienttypedetails: LegacyMailbox
ExchangeVersion: 0.0 (6.5.6500.0)

What that means is that exchange 2007 sees that as an exchange 2003 recipient object. OWA only likes current objects.

If that's the case, on the same mailbox server type:

set-mailbox <alias> -applymandatoryproperties

That'll tell exchange to apply the proper attribs to the object.

Then you should be able to access OWA.

Jamie

< Message edited by sterlingblue -- 7.Mar.2008 10:22:59 PM >

(in reply to stevied)

Post #: 3

RE: Exception message: Problem accessing Active Directory - 21.May2008 4:17:03 PM

romrunning

Posts: 50
Joined: 13.May2008
Status: offline

Just a note to say how helpful this was.

Loculi - you're exactly right. The key, I think, in the error message is the line where is says the "user has insufficient access rights." I had the exact same error message, and what you suggested fixed my problem.

Sterlingblue - I think you're referencing http://support.microsoft.com/kb/931747, which seems like a slightly different issue. Of course, we'll never know for sure as he didn't say if his problem was fixed.

(in reply to sterlingblue)

Post #: 4

RE: Exception message: Problem accessing Active Directory - 25.Jun.2008 5:52:51 AM

milena@miciosoft.com

Posts: 1
Joined: 25.Jun.2008
Status: offline

quote:

ORIGINAL: loculi

1. In ADUC, right-click their user object and choose properties
2. Click on the security tab, then advanced
3. Ensure, "Allow inheritable permissions from the parent to propagate to this object..." is checked, if not, check it.
4. Wait for AD to replicate, then try logging into OWA as that user.

It works!
Thanks!

(in reply to loculi)

Post #: 5

RE: Exception message: Problem accessing Active Directory - 4.Jul.2010 6:17:49 AM

h.tavakkoli

Posts: 1
Joined: 4.Jul.2010
Status: offline

Dear stevied

Do you run "Exchange Domain Prepare" on that domain?
To check this go to active Directory Users and Computers and from "View" menu select "Advanced Features". Right click on domain name and select "Properties".
In "Security" tab check if these two groups are exist:

"Exchange Recipient Administrators" (Read Permission)

"Exchange Servers" (without Permission)

If these groups were not existed, you should do "Domain Preparation" on this domain. Although it is useful to do this anyway.

To doing so do the following:
On Exchange Server run this command from command prompt:
setup /PrepareDomain:<DomainFQDN>
Example: setup /PrepareDomain:child1.domain.com

Please note that setup is located on Exchange 2007 DVD and you should be member of "Enterprise Admins" group.

Additionally you could prepare all of your domains by running this command:
setup /PrepareAllDomains

Good luck!

< Message edited by h.tavakkoli -- 5.Jul.2010 1:55:34 AM >

(in reply to stevied)

Post #: 6

RE: Exception message: Problem accessing Active Directory - 23.Jun.2011 5:02:04 AM

blisad1

Posts: 4
Joined: 23.Jun.2011
Status: offline

I think i have a solution for you try this
In ADUC, right-click their user object and choose properties
Click on the security tab, then advanced
Ensure, "Allow inheritable permissions from the parent to propagate to this object..." is checked, if not, check it. Wait for AD to replicate, then try logging into OWA as that user.

_____________________________

<a href="http://www.fabric-blinds.com">fabric blinds</a>

(in reply to h.tavakkoli)

Post #: 7