?
Solved

Exchange 201O certificate error

Posted on 2012-09-04
6
Medium Priority
?
1,491 Views
Last Modified: 2012-10-29
Dear experts,

I have an error when I run "get-exchangecertificate".
error:
The operation on server "mycas" failed because it's not within your authorized scope. Use get-managementRoleAssignment to verify your scope or contact your exchange administrator. "Mycas" isn't within your current write scope. Can't perform save operation. it was running the command get-exchangecertificate -server mycas.

I'm running with domain admin account and all Exchange servers have "trusted exchange ..." in their local admin group. I have the error on all our exchange servers.

how can we solve this issue?
kind rgs,
0
Comment
Question by:DigitBoy
  • 3
  • 3
6 Comments
 
LVL 18

Accepted Solution

by:
Sushil Sonawane earned 1000 total points
ID: 38363469
Please check the user have the permission to access get command or certificate ralted command in Role Based Access Control.

Run the following commands:

Set-Mailbox "your admin account" -RoleAssignmentPolicy "default role assignment policy"

then check.

For more details RBAC please refer below link.

(http://technet.microsoft.com/en-us/library/dd298183.aspx)

(http://www.sysadminlab.net/exchange/rbac-and-exchange-2010-permission-model-explained-for-new-sysadmins)

(http://www.mikepfeiffer.net/2010/11/7-useful-one-liners-when-managing-rbac-in-exchange-2010/)
0
 

Author Comment

by:DigitBoy
ID: 38363541
thanks for your response, but our admin account doesn't have mailbox.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38363583
Create a mailbox then try it
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:DigitBoy
ID: 38363774
due to internal policy we cannot create for our domain admin accounts. Do you have another possible idea please?

How can i list if our domain accounts have the necessary permissions please?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38363815
whoami /group you will get only AD permission.
0
 

Author Closing Comment

by:DigitBoy
ID: 38546741
.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses
Course of the Month16 days, 8 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question