[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Exchange 2010 Unable to modify default receive connector

Posted on 2013-06-01
7
Medium Priority
?
1,199 Views
Last Modified: 2015-05-21
Getting this error trying to make a change to the default receive connector

I am using an account with organization management and full domain and enterprise admin permissions. I have made sure that inheritable permissions are applied on the account.

Does anyone have any troubleshooting ideas. Tried various fixes so far but cant get anything to work

_______________________________________________________________________________________________

Failed to save admin audit log for this cmdlet invocation.
Organization:  
Log content:
Subject: Domain.com/Users/exch_adm : Set-ReceiveConnector
Body:
Cmdlet Name: Set-ReceiveConnector
Object Modified: SERVER-EX01\Default SERVER-EX01
Parameter: Identity = SERVER-EX01\Default SERVER-EX01
Parameter: PermissionGroups = AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
Property Modified: PermissionGroups = AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
Property Original: PermissionGroups = ExchangeUsers, ExchangeServers, ExchangeLegacyServers
Caller: Domain.com/Users/exch_adm
Succeeded: False
Error: Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on SERVER-DC01.Domain.com. This error is not retriable. Additional information: Access is denied.\r\nActive directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\n ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.\r\n   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)\r\n   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)\r\n   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable`1 clientSideSearchTimeout)\r\n   at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)\r\n   --- End of inner exception stack trace ---\r\n   at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)\r\n   at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)\r\n   at Microsoft.Exchange.Data.Directory.ADSession.SaveSecurityDescriptor(ADObject obj, RawSecurityDescriptor sd, Boolean modifyOwner)\r\n   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ReceiveConnector.SaveNewSecurityDescriptor(Boolean isEdge)\r\n   at Microsoft.Exchange.Management.SystemConfigurationTasks.SetReceiveConnector.InternalProcessRecord()
Run Date: 2013-06-01T08:32:04
OriginatingServer: SERVER-EX01 (14.03.0123.002)
 
Error:
Exception thrown during AdminLogProvisioningHandler.Validate: Microsoft.Exchange.Data.Storage.ObjectNotFoundException: The discovery mailbox, a hidden default mailbox that is required to search mailboxes, can't be found. It may have been inadvertently deleted. This mailbox must be re-created before you can search mailboxes.
   at Microsoft.Exchange.Data.Storage.Infoworker.MailboxSearch.MailboxDataProvider.GetDiscoveryMailbox(ADRecipientSession session)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.AdminAuditLogHelper.CheckArbitrationMailboxStatus(OrganizationId organizationId, ADUser& user, ExchangePrincipal& principal, String& errorMessage)
0
Comment
Question by:vmdude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39212792
If you have tried things then you need to say what they are, because otherwise people may just repeat things that you have done.

You are getting an error about the Discover Mailbox missing. It should be recreated to begin with: http://technet.microsoft.com/en-us/library/gg588318.aspx

Simon.
0
 
LVL 6

Author Comment

by:vmdude
ID: 39213188
Things I have tried

- Made sure inheritance was set on user account
- Made sure AdminSDHolder has inheritable permissions
- Created a new Exchange Administrator account (with org management, domain admin etc)
- Re-run setup /PrepareAD

This is a single domain and forest with no child domains.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39214987
Have you tried with THE administrator account, or with the account used to originally install Exchange?
Are you still getting the error about the Discovery Mailbox being missing?

Simon.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 6

Author Comment

by:vmdude
ID: 39215719
Hi,

Yes I have tried with the main administrator account used to install Exchange.
All Exchange 2010 servers have now successfully been upgraded to SP3 and the Discovery Mailbox and all arbitration mailboxes are now displaying.

Now when I try to perform the operation I no longer get the error in the logs however the pop-up comes up with the following message

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
The following error(s) occurred while saving changes:

Set-ReceiveConnector
Failed
Error:
Active Directory operation failed on DC.DOMAIN.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0


The user has insufficient access rights.




--------------------------------------------------------
OK
--------------------------------------------------------
0
 
LVL 6

Accepted Solution

by:
vmdude earned 0 total points
ID: 39215785
Found the answer

Needed to add inheritance at the following location via ADSI Edit

CN=Domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com

nstall ADSI Edit and then start ADSI Edit.
Click Start, click Run, type adsiedit.msc, and then click OK.
Locate the object in question, right-click the object, and then click Properties.
On the Security tab, click Advanced.
Click Allow inheritable permissions from the parent to propagate to this object and all child objects to re-enable permissions inheritance.
Click OK two times to apply the change.
Wait for Active Directory replication to propagate the changes, or force Active Directory replication if it is necessary.
0
 
LVL 6

Author Closing Comment

by:vmdude
ID: 39232780
Because this is the answer and it fixed the exact problem I was facing
0
 

Expert Comment

by:tvogunleye
ID: 40789256
we cannot find the following CN=Domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com
 in AD. how do we create it ?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question