User was unable to login OWA
One user got below error when he tried to access OWA. We are using Exchange 2007 server.
Exception
Exception type:
Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
Exception type:
Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on RUH-002-DC-001.prod.mobily.lan. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.
Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Cause
This error may occur if the Allow inheritable permissions check box is not selected on the user object or on the OU container in Active Directory Users and Computers.
Resolution
- Open the Active Directory Users and Computers snap-in.
- On the View menu, click Advanced Features.
- Open the properties of a user who cannot log on to Outlook Web Access.
- Click the Security tab, and then click Advanced.
- Select the Allow inheritable permissions check box if it has not already been selected.
- Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.
- Allow time for replication to occur.
User confirm that it’s working for him after i selected the Allow inheritable permission check box.
Thanks
Akther
Dear Akhtar,
Really amazing to seen this resolution and really miss u,keep it up for benifited growing technical aspirant who want to work on EXchange. Thanks a lot ,we expect more and frequently visit site.
Asif Eqbal -MIT
Dear Asif
I will try my level best to share my knowledge and experiance with you and who all are want to learn Exchange/SCCM. Keep visit my blog. Enjoy learning.
Thanks
Akther