Unable to manage a resource Mailbox through Outlook Web Access

Months ago I set up a Room Mailbox and was testing the settings, etc and I was able to manage it through OWA.  I just created 5 new Room Mailboxes. They show up as they should in Active Directory as disabled accounts, I can add the rooms to meeting requests,etc.  I cannot add the mailbox when using OWA so that I can change the resource settings.  I get the Outlook Web Access page where you choose your language and time zone, I click OK and get an error.  I have Full Access permissions.  Here is the error that I get on each Mailbox when I try to add it.  Please note I changed the server and domain names in this error message.

A problem occurred while trying to use your mailbox. Please contact technical support for your organization.  

 Copy error details to clipboard
 Show details

Request
Url: https://mail.outlookweb.ca:443/owa/lang.owa
User host address: 192.x.x.x

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on reomoteserver.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Call stack

Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()

Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.

Call stack

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

Thank you for the help.
gprettyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin OwensITIL Problem ManagerCommented:
Can you open the resource mailboxes from a full version of Outlook?
0
gprettyAuthor Commented:
Yes, I can add the mailbox to my profile.
0
Justin OwensITIL Problem ManagerCommented:
How are you trying to open it with OWA, specifically?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

gprettyAuthor Commented:
I followed instructions I found in an article online.  Click the drop-down by my name in the top right.  Enter the mailbox name and open.  This works fine for the room mailbox I created about 6 months ago, but the new ones get an error.
0
Justin OwensITIL Problem ManagerCommented:
What version of Exchange are you using?
0
gprettyAuthor Commented:
2007
0
Justin OwensITIL Problem ManagerCommented:
When creating resource mailboxes in Exchange 2007 you have to be sure to tell Exchange it is a resource when you are creating the account.  Here is a good walkthrough of the process:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-resource-mailboxes-exchange-server-2007-part1.html

Are these the steps you followed to create the resource mailboxes, or some other path?

Justin
0
gprettyAuthor Commented:
THat's the article I followed.  I read the three parts of the article.
0
gprettyAuthor Commented:
Hi Justin or anybody,

Do you have any suggestions?  Thanks.

0
aymanqCommented:
The message above shows that you dont have sufficient permissions.

Can you post the result of

Get-mailbox -Identity Resource_Mailbox | Get-adpermission -user Your_Account
 
0
gprettyAuthor Commented:
This command executes, but does not display any results.
0
gprettyAuthor Commented:
Can anyone help me?
0
Justin OwensITIL Problem ManagerCommented:
I would think that if he can open it up with Outlook it would not be a permission issue.  Each of those resource mailboxes should have an associated AD account.  Can you access OWA using that AD account and see if you can navigate within it (look at your calendar, for example)?
0
gprettyAuthor Commented:
I can't access OWA with one of the room accounts because, when they are created, they show up in active directory as a disabled account.  That is the nature of the Room Mailboxes.
0
gprettyAuthor Commented:
The thing that is driving me crazy is I created one Room Mailbox 8 or 10 months ago and I can add it to my OWA profile and edit the resource options.  However, any new room I have created recently is giving me the same error.  The error refers to Domain Controllers at remote sites, could AD replication be an issue?  Communication between DCs?  
0
Justin OwensITIL Problem ManagerCommented:
It is possible, I suppose.  Do you know how to check for replication health?

Honestly, everything you have done indicates it should be working.   How about this.  Use outlook to create a new profile and attach it to the room mailbox instead of your own.  If you have the permissions you indicated, you should be able to do that.  What I want to see is the mailbox opening up correctly somewhere as a primary.
0
gprettyAuthor Commented:
I created a profile for one of the meeting rooms, opened outlook with that profile and it updated flawlessly.  I can see all meetings that have been booked.  I am logged into the computer with my domain account.
0
Justin OwensITIL Problem ManagerCommented:
Now for the really long shot.  Can you now open that room from OWA as you were trying to do?
0
gprettyAuthor Commented:
No, still can't add it and I can't logon with that account because it is disabled by default,
0
gprettyAuthor Commented:
Does anyone have any suggestions?
0
Justin OwensITIL Problem ManagerCommented:
Unfortunately, without being able to actually see your setup (which is always an issue to some degree or another on a forum such as this), I am simply out of ideas for you.  I will try to get a Moderator to ping the Designated Experts again.

Justin
0
gprettyAuthor Commented:
THank you.  I understand where you're coming from.
0
gprettyAuthor Commented:
I called Microsoft and they helped me find the solution.  THe mailboxes were in the default Users OU, we moved the mailboxes from this OU to one that was created for the office location.  I was able to access the mailbox through OWA and set the resource options.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gprettyAuthor Commented:
Solution assisted by Microsoft.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.