Solved

No permission to view/change/modify much of anything on Exchange Server 2007.

Posted on 2008-10-06
18
855 Views
Last Modified: 2012-08-14
Hello.  We have a new server deployment with Windows Server 2003 Standard and Exchange 2007.  We had exchange 2007 all setup and working.  Mail was flowing to the internet from the exchange server/clients and all was well.  Then, all was not well.  Now, it seems as if we don't have any permissons to access hardly any of the features of Exchange.  When I open Exchange, I am greeted with the following error when I click on Exchange Configuration in the tree view of Exchange Managment Console:

"You do not have permissions to read the security descriptor on CN=SERVER1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ourserver,DC=net.  It was running command 'get-ExchangeAdministrator'.

As I said everything was working until we installed Office 2003 on the server.  That's the only change that was made after the Exchange Server was successfully working.

A little background on the server:

Several different technicians have worked on this server.  It's current name SERVER1 was used when it was first built.  The name was changed at one point to something else after Exchange Server was installed the first time.  After changing the name back Exchange began to work.  However, a software installation was performed for some customer software and that software installed a 32-bit version of .Net Framework and broke Exchange.  .NET was completely removed (all versions) by the removal tool available from Microsoft and Exchange was completely (and forcibly) removed.  .NET framework was reinstalled (one version + patches at a time) and then we reinstalled Exchange Server and setup all the users and everything was great until (we're assuming) Office 2003 was installed.

More information:  Not only do we get the error above, but we can't access much of the Exchange Management Console.  The send connector area is blank as is Offline Address Book and a lot of other areas.  We can see all of the user mailboxes and they are able to store mail in them (the server is only used as storage right now with the users POPing their mail as we haven't set it to host it's own mail yet due to these problems), but we can't add mailboxes, change them or do anything in the console.

Thanks for your help,

Chris :o)
0
Comment
Question by:tganus
  • 11
  • 7
18 Comments
 
LVL 2

Expert Comment

by:akmilm
ID: 22650168
do you have the managment console on a workstation?
0
 

Author Comment

by:tganus
ID: 22651205
No. The management console is on the server with Exchange.
0
 
LVL 2

Expert Comment

by:akmilm
ID: 22651297
Can you install exchange admin tools on your PC.
0
 
LVL 2

Expert Comment

by:akmilm
ID: 22651335
Its the version of Mapi from the outlook install which has broken things - have you tried reinstalling the Exchange management tools?
0
 

Author Comment

by:tganus
ID: 22654732
No, we haven't tried that.  I will try that tomorrow.  Right now, the customer's location is closed and the CD isn't in the server.  I'm going to have the disc put in tomorrow morning so I can try the reinstall.  Thanks for the help!  =)
0
 
LVL 2

Expert Comment

by:akmilm
ID: 22667355
how did this go?
0
 

Author Comment

by:tganus
ID: 22683601
Akmilm,  sorry for the delay.  I'm attempting to reinstall the Exchange 2007 Management Tools right now.  I can't for the life of me figure out how to do it.  I've tried running the DVD, using Add/Remove programs, etc. to no avail.  I must be missing something simple.  I thought it would let me select a reinstall/repair option at some point.  Please advise.  Thank you.  =)
0
 
LVL 2

Expert Comment

by:akmilm
ID: 22684842
0
 
LVL 2

Expert Comment

by:akmilm
ID: 22684849
Custom exchange installation and then install the management agent
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Expert Comment

by:akmilm
ID: 22684852
sorry - tools
0
 

Author Comment

by:tganus
ID: 22699635
I'm assuming due to the broken permissions, the Exchange Installation CD/Repair option in add/remove won't let me deselect Management Tools so that I can reinstall it on the server.
0
 
LVL 2

Expert Comment

by:akmilm
ID: 22700717
You need to select the management tools - to install
0
 

Author Comment

by:tganus
ID: 23004921
OK!  We finally got Exchange Management Tools loaded on a workstation in the domain.  The workstation is running XP Pro and has the 32-bit Exchange Managment Tools loaded.  I can go in and see and modify everything as normal.  With this new ability, can we now somehow fix the problems using the tools on the server?  I'm logged into the server/domain as administrator.

Thanks for your help and mostly your patience.  =)
0
 
LVL 2

Expert Comment

by:akmilm
ID: 23005133
Hi copy the mapi32.dll from the workstation with the managment tools c:\windows\system32
and copy it in the same location on your exchange server
0
 
LVL 2

Expert Comment

by:akmilm
ID: 23005147
or its on your exchange server under C:\Program Files\Exchsrvr\bin\mapi32.dll
0
 
LVL 2

Assisted Solution

by:akmilm
akmilm earned 500 total points
ID: 23005173
0
 

Author Comment

by:tganus
ID: 23005480
I copied over the mapi32.dll and it had no effect.  After looking at all of the MAPI32.DLLs on the server, none of them were actually modified by the installation of Office 2K3.  There's also a MAPI32.DLL in the c:\windows\syswow64 directory.  I tried that one as well to no effect.  I also uninstalled Office2K3.  Any other ideas?
0
 

Accepted Solution

by:
tganus earned 0 total points
ID: 23090318
We finally got this resolved.  Here's what our technician said he did to resolve the no permissions problem.

===================
Ok, these are the 2 steps I took.
 
First:
 
Removed a stored password that seemed to have been stuck in there.
 
Start > Run > rundll32.exe keymgr.dll
 
Second:
 
After I removed that stored username and password I (re)installed exchange 2007 SP1. After reboot everything was golden.
======================

Thanks for all your help akmilm!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now