Solved

Exchange 2010 SP1 failed 4003 INSUFF_ACCESS_RIGHTS

Posted on 2010-11-21
8
2,412 Views
Last Modified: 2012-05-10
Hey everyone,

Tried installing SP1 for exchange 2010, and got the following error as per the screenshot.  It seems to be the same error as in this guide:

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/d3a370a5-1061-4174-8454-8a1ca0c96fd4

I have tried all the steps countless times.  I am logged in as administrator, and so far, i have had no issues with permissions in setting up all other aspects of the server including exchange.

Thanks.
 screenshot
0
Comment
Question by:ben_kapel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34182673
Try "Alright I did something which might have fixed the issue... well I logged in with a different account which had "Domain Admins" "Schema Admins" and "Enterprise Admins" and enabled the "Include inheritable permissions from this object's parent"  property on the user account has mentioned in one of the steps above and it worked..."

Or add another account to schema admins and enterprise admins and run setup.com /prepareAD with that account and then you should be able to run the setup.com /mode:upgrade with your other account
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34182693
0
 

Author Comment

by:ben_kapel
ID: 34182875
G'day there mate, not sure if you noticed but I tried the steps in that thread.  For one they didn't work for me and secondly even if it did it bothers me that the administrator account can't access all aspects of what it should...

Cheers
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34182896
The bit after the "Or" comes from me so don't know if you tried that...
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 34187461
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

to do this,

On a Domain Controller, Click on Start/All Programs/Administrative Tools/Active Directory Users and Computers

Click on View and Select Advanced Features

Select a mailbox that isn’t working with Active Sync, double click on the account, Select the Security Tab and then the Advanced Button.

Select Exchange Servers, and tick the Include inheritable permissions toggle then Apply and OK.
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 34187476
Also please post the details in the log stored on SystemDrive\exchange setuplogs folder
0
 

Author Comment

by:ben_kapel
ID: 34204111
Thanks,

I forgot to add organization management the first time but i tried what you said and then added this and it worked
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34204786
So just to confirm the solution...
You added a new account to Schema Admins, enterprise admins and exchange org admins. You were then able to setup.com /PrepareAd with this account? Did you do the rest of the install with this account or with your other old account?

Thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question