Problems logging in to new Exchange Server 2007 mailboxes via OWA

by Shijaz Abdulla on 19.10.2008 at 11:09

Sometimes users may face problems logging in to new mailboxes created or moved in to Exchange Server 2007 when they use Outlook Web Access. Users may get error messages like the one below (abridged):

Request Url: https://webmail.company.com:443/owa/lang.owa
User host address: 192.168.x.x

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on cs-ad-03.ad.hct.ac.ae. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Here are some of the things that you may want to try out when you face this kind of a problem:

  • Make sure that the user object is inheriting permissions from the parent object. To do this,
    • Open ADUC.
    • View > Advanced features
    • Right click on the user choose Properties.
    • On Security tab click Advanced
    • Make sure that this object inherits permissions from parent object is checked.
    • Click OK
  • Try running the following Exchange Management Shell cmdlet:
    Set-Mailbox "username" -ApplyMandatoryProperties
  • Make sure SELF has permissions on the user account and the user mailbox.
  • Make sure that there are no connectivity problems between Exchange Server and Active Directory. Also make sure that a GC is available.
Trackback Permanent Link

Leave a Reply