[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 788
  • Last Modified:

access denied error when using the message tracking center in exchange 2003

I keep getting a access denied. Facility: win32 ID no: 80070005 Microsoft Exchange Management. When I try to track any email using the message tracking center in exchange 2003 sp2 running on windows 2003 server.
0
redvipergts
Asked:
redvipergts
  • 12
  • 5
  • 4
  • +1
1 Solution
 
ikshf143Commented:
Hi,

Check the applicationlogs and see if you find errors with Event ID: 7 and Event Source: MSExchangeMGMT. This error occurs when we are lacking permissions on the Store. If so then refer http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/storperm.mspx

Imran
0
 
ComputerTechieCommented:
Are you using an account with high enough permissions?

CT
0
 
redvipergtsAuthor Commented:
im using an admin account with domain admin privilages, exchange domain server and  exchange services
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
redvipergtsAuthor Commented:
i found a error msexchangemgmt event 8 that might refer to service denied user "admin"
0
 
ikshf143Commented:
Check for the permissions amy be some permissions got corrupted
0
 
redvipergtsAuthor Commented:
where do you check for permissions for this problem. i right clicked on the organization icon at the top of the tree and checked to see if i have full control and i do, im going to see if resetting it will fix and corrupted permissions.
0
 
redvipergtsAuthor Commented:
well i did not see a way to reset any permissions without deleting the account im using to access esm and recreating it, which im kinda worriend about not getting access back if i remove myself. I have verified permissions all the way down to the mailbox store and my account is in there.
0
 
ikshf143Commented:
Hi,

Open Adsiedit and browse to the following location, go to the properties of the server and select security then advanced and check for the permissions for Exchange Server Object, Exchange Administrators and Domain Admins, leave the allow inheritable checked.
CN=Configuration,DC=DOMAIN_NAME,DC=COM-->CN=Services-->CN=Microsoft Exchange-->CN=EXCHANGE_ORG-->CN=Administrative Groups-->CN=First Administrative Group-->CN=Servers-->CN=EXCHANGE_SERVER

Note: Incase you modify any permissions here you will have to restart the MSExchange System Attendant service for changes to take effect.

Imran
0
 
ikshf143Commented:
With reference to the previous Post.
Incase you do not have the Adsiedit utility. You would have to install the support tools from the Windows 2003 SP server CD and then go to the support tools command prompt and run adsiedit.msc.
You can download the tool from the following location as well. Download both the files
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=96a35011-fd83-419d-939b-9a772ea2df90
0
 
FearNoMoreCommented:
Run this command from your Exchange sever
Go to Start....Run....type in controlkeymgr.dll
This should bring up Stored user Names and Passwords screen
Clear out any user values that are stored in here
Log off the Exchange Server and relogin using your administrative credentials and check what happens now
0
 
redvipergtsAuthor Commented:
I dont know if i fully understand this
"Open Adsiedit and browse to the following location, go to the properties of the server and select security then advanced and check for the permissions for Exchange Server Object, Exchange Administrators and Domain Admins, leave the allow inheritable checked.
CN=Configuration,DC=DOMAIN_NAME,DC=COM-->CN=Services-->CN=Microsoft Exchange-->CN=EXCHANGE_ORG-->CN=Administrative Groups-->CN=First Administrative Group-->CN=Servers-->CN=EXCHANGE_SERVER"
I did open adsiedit and tried to add permissions for exchange server object and exchange administrators but i did not see a exchange server object.
0
 
redvipergtsAuthor Commented:
fearnomore
Go to Start....Run....type in controlkeymgr.dll
this was not a valid command on my server.
0
 
FearNoMoreCommented:
control keymgr.dll (there is a space between control and keymgr.dll)
0
 
redvipergtsAuthor Commented:
there are no users in this. should i add myself?
0
 
redvipergtsAuthor Commented:
well i added myself and no luck
0
 
FearNoMoreCommented:
Dont add yourself...Remove it from there...if there was any cached credentials there then only do we have to remove it.
Do this:
From the SERVERNAME object in ESM, right click and go to properties then select the Security tab.
Check the permissions for the Exchange Domains Servers object. If not at Full Control, set it to Full Control.
Open the properties of the SERVERNAME object and select the General tab. Select
the "Enable message tracking" checkbox to enable the option
Now check what happens
0
 
redvipergtsAuthor Commented:
ok, i added the full control check box to the exchange domain servers and i verified that "enable message tracking" was checked. still have the access denied message.
0
 
FearNoMoreCommented:
After doing this did you restart the Microsoft Exchange Management Service?
0
 
redvipergtsAuthor Commented:
I tried the both options and now i need to wait for a reboot at a convient time later today. will advise if that worked. thanks
0
 
redvipergtsAuthor Commented:
that did not work. any other suggestions? sorry for delay. client wanted to reboot server and they took there sweet time.
0
 
redvipergtsAuthor Commented:
problem was found in the security properties of the mail server in exchange system management under the user account. found a denied under list objects checked. removed check mark and it fixed problem.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 12
  • 5
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now