Exchange 2003 - Admins Cannot Create Contacts in ESM

KeepTheExchange
KeepTheExchange used Ask the Experts™
on
Error: An Exchange server cannot be found in the domain.

I've been looking into this for the better part of a week in an attempt to try to understand what is happening here.  We know that we can't recreate the error/issue (we're in another location from the admins that are experiencing this error).  I created a test account in the admins OU and matched it exactly to one of admins' account, I had no issue.  I looked at the GPOs being enforced to that specific OU and there is no difference between that OU to any other admins OU.  I looked at the explicit permissions for the "Contacts" OU, these are set correctly.  

I even went as far to get the admin to check which domain controller he's authenticating to with his admin account to ensure that was correct.  I also checked the event logs on each DC and could not find any warnings/errors normally associated with this type of issue, for the exception of event ID 1988 (this event is typical of our environment); that would suggest there to be a problem.  All looks normal.

Can someone offer any guidance?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
This is a shot at this, but have you looked at this KB?

http://support.microsoft.com/kb/905809

Can those admins log on to the actual exchange server and are they in a group that has permission in exchange for delegation?

Author

Commented:
Yeah, I saw this one.  We're running Exchange 2003 SP2, this KB seems only applicable to SP1.  I appreciate it though.  Also, just an added note, the admins CAN create the contacts, but are unable to create an SMTP address with the contact.

I've got to tell you, I'm struggling with this one.  I'm attaching a screen-shot of the actual error.  If anyone has any suggestions, please feel free. Error.docx Error.docx
Did you verify if the admins or whoever can actually log in to the exchange server?

Here is another article saying the same basic thing.

http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/66bb6eae-bc66-477e-b404-949ace3da3d3/
I've figured this out.  Basically, read-only access for Authenticated Users was removed from the MSExchangeSA service.  When the admins were attempting to create the contact, the account had no way to know that Exchange was in the organization because it couldn't see the service.

Author

Commented:
Great answer and it works.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial