IT Infrastructure blog

June 29, 2009

User was unable to login OWA

Filed under: Exchange 2007,OWA — Akther @ 6:47 am
Tags: , , , ,

One user got below error when he tried to access OWA.  We are using Exchange 2007 server.


Exception type:


Exception message: There was a problem accessing Active Directory.

Call stack


Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)

Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)


System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception

Exception type:


Exception message: Active Directory operation failed on This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Call stack

Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)

Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)


Inner Exception

Exception type: System.DirectoryServices.Protocols.DirectoryOperationException

Exception message: The user has insufficient access rights.

Call stack

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)

Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)


This error may occur if the Allow inheritable permissions check box is not selected on the user object or on the OU container in Active Directory Users and Computers.


  1. Open the Active Directory Users and Computers snap-in.
  2. On the View menu, click Advanced Features.
  3. Open the properties of a user who cannot log on to Outlook Web Access.
  4. Click the Security tab, and then click Advanced.
  5. Select the Allow inheritable permissions check box if it has not already been selected.
  6. Repeat steps 3 through 5 for each organizational unit between the user object and the top-level container.
  7. Allow time for replication to occur.

User confirm that it’s working for him after i selected the Allow inheritable permission check box.




June 11, 2009

user was unable to access his OWA

User was able to access his outlook. But can’t access OWA.


When users try to log on to Microsoft Office Outlook Web Access in Exchange Server 2007, they receive the following error message:” A problem occurred while trying to use your mailbox. Please contact technical support for your organization




This issue occurs when the msExchVersion attribute is not set correctly on the user object in the Active Directory.

 Exchange 2007 uses the msExchVersion attribute to determine the version of Exchange that user objects are associated with. If the version value is less than 0.1, Exchange 2007 considers the object “read-only” and cannot write changes to the object.

 Note the msExchVersion attribute may not set correctly if you created the user’s mailbox by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in instead of by using the Exchange 2007 Management Console.



 To resolve this issue, type the following command at the Exchange Management Shell prompt:

Set-Mailbox User_Name -ApplyMandatoryProperties


To verify the msExchVersion attribute, type the following command at the Exchange Management Shell prompt:

Get-Mailbox User_Name | format-list ExchangeVersion




Blog at