IT Infrastructure blog

June 29, 2009

User was unable to log in to OWA

Filed under: Exchange 2007,OWA — Akther @ 6:47 am

One user got the error below when he tried to access OWA. We are using Exchange 2007 server.


Exception type:


Exception message: There was a problem accessing Active Directory.

Call stack


Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)


System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception

Exception type:


Exception message: Active Directory operation failed on This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Call stack

Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)

Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)


Inner Exception

Exception type: System.DirectoryServices.Protocols.DirectoryOperationException

Exception message: The user has insufficient access rights.

Call stack

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)

Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)


This error may occur if the Allow inheritable permissions check box is not selected on the user object or on the OU container in Active Directory Users and Computers.


  1. Open the Active Directory Users and Computers snap-in.
  2. On the View menu, click Advanced Features.
  3. Open the properties of a user who cannot log on to Outlook Web Access.
  4. Click the Security tab, and then click Advanced.
  5. Select the Allow inheritable permissions check box if it has not already been selected.
  6. Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.
  7. Allow time for replication to occur.

The user confirmed that it is working for him after I selected the Allow inheritable permissions check box.
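
The inheritance state that steps 3 through 6 inspect by hand can also be read out in one pass. The following is an added example, not part of the original post: a read-only PowerShell function that uses ADSI to report, for a user and each container above it, whether permission inheritance is blocked. The function name `Get-InheritanceChain` and the account name `jdoe` are hypothetical, and the script assumes PowerShell 2.0 or later on a domain-joined machine.

```powershell
# Added example (not from the original post). Read-only: it changes nothing in AD.
# Get-InheritanceChain and the account name 'jdoe' are hypothetical names.
function Get-InheritanceChain {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    # Escape LDAP filter metacharacters (RFC 4515) so the name is matched literally.
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
                               -replace '\(', '\28' -replace '\)', '\29'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    $result = $searcher.FindOne()
    if (-not $result) { throw "User '$SamAccountName' was not found in the current domain." }

    # The walk stops at the domain root (the top-level container in step 6).
    $domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
    $entry = $result.GetDirectoryEntry()

    while ($entry) {
        $dn = [string]$entry.psbase.Properties['distinguishedName'].Value
        New-Object PSObject -Property @{
            DistinguishedName  = $dn
            # True means the "Allow inheritable permissions" box is cleared on this object.
            InheritanceBlocked = $entry.psbase.ObjectSecurity.AreAccessRulesProtected
        }
        if ($dn -eq $domainDn) { break }
        $entry = $entry.psbase.Parent
    }
}

# Objects listed with InheritanceBlocked = True are the ones to review in steps 3 through 6.
Get-InheritanceChain -SamAccountName 'jdoe' |
    Where-Object { $_.InheritanceBlocked } |
    Select-Object DistinguishedName, InheritanceBlocked
```

An empty result means inheritance is enabled on the user object and on every container up to the domain root.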





  1. Dear Akhtar,

    Really amazing to see this resolution, and really miss you. Keep it up for the benefit of growing technical aspirants who want to work on Exchange. Thanks a lot, we expect more and frequently visit the site.

    Asif Eqbal -MIT

    Comment by ASIF EQBAL — August 18, 2009 @ 6:42 am | Reply

  2. Dear Asif

    I will try my level best to share my knowledge and experience with you and all who want to learn Exchange/SCCM. Keep visiting my blog. Enjoy learning.


    Comment by exchangeengine — August 18, 2009 @ 10:28 am | Reply

  3. I did that and I still get the same problem. It's only the newest users that I created that get the problem. Please, any advice would help. I have ticked the inherit permissions tick box and gave it time to replicate, but I still get the same problem.

    Comment by Vincent — July 4, 2011 @ 10:53 am | Reply

  4. From where did you create the users? Was it from Active Directory Users and Computers or directly from the Exchange Management Console? Try to create a user from the Exchange Management Console and let us know.

    Comment by Akther — July 5, 2011 @ 8:19 am | Reply

    • It's brand new users, so I needed to create them in AD Users and Computers so that they can log on to our domain; then I went to the Exchange console and created the mailbox there.

      Comment by Vincent — July 5, 2011 @ 8:41 am | Reply

      • To resolve this problem, an Exchange administrator should run the following command in the Exchange Management Shell prompt:

        Set-Mailbox -ApplyMandatoryProperties

        Comment by Akther — July 5, 2011 @ 8:49 am

  5. I did that too. I even created a new user just in Exchange, a test mailbox, to see if I can access the mail. Is it possible that there is a communication gap between AD and Exchange?
    I am going to create a test AD account and then a test mail account linked to that AD account, and have a look.

    Comment by Vincent — July 5, 2011 @ 9:22 am | Reply
