av.gosha
Posts: 1
Joined: 12.Mar.2012
Status: offline
|
Hello everybody, Some time ago I have encountered very strange error when users tried acess OWA. I tried to fix this according to article http://technet.microsoft.com/en-us/library/bb885050(v=exchg.80).aspx, but mentioned checkbox already set. Checked rights between user account and his OU and didn't see any differecies. Also tried to remove permissions inheritance and enable them back, but this didn't solve access problem. I also tried to add problem user account to Domain Admins group, wait for about 10-15 minutes and get a miracle =). User can succefully enter his/her username and password and get access to his own mailbox. I also tried to enable/disable mailbox features with EMC or Powershell, but it didn't give any result. If I remove user from Domain Admins group he still have access to OWA and successfully authenticates there. Here is original error, which users receives before all my gestures. Request Url: https://fqdn.servername.local:443/owa/lang.owa User host address: Client IP address Exception Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException Exception message: There was a problem accessing Active Directory. Call stack в Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() в Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized) в Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext) в Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie) в Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext) в Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext) в System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() в System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Inner Exception Exception type: Microsoft.Exchange.Data.Directory.ADOperationException Exception message: Active Directory operation failed on koontz.morganstout.local. This error is not retriable. Additional information: Для выполнения операции права недостаточны. Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Call stack в Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) в Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId) в Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties) в Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() Inner Exception Exception type: System.DirectoryServices.Protocols.DirectoryOperationException Exception message: User doesn't have sufficient rights. Call stack в System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) в System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) в Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation) в Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
|