Wednesday, October 26, 2011

Exchange 2010 - EMC "RBAC authorization returns Access Denied"

I was doing an upgrade from Exchange 2003 to Exchange 2010, and after I installed the first CAS server and opened the EMC, an error appeared saying that I had no permissions, even though I was logged in with the setup account and it was a member of the Organization Management group.

And I found this in the Application Log:

"(Process w3wp.exe, PID 6716) "RBAC authorization returns Access Denied for user Udomain.Local/Users/AccountName. Reason: No role assignments associated with the specified user were found on Domain Controller XXXXX""

After a lot of searches, pulling my remaining hair out :), I found this post (http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/fc568cc6-8691-4127-b70b-bcc82f9b1f7f?prof=required)

The issue was with 2 things:
  1. The "Allow inheritable permissions" check box was not enabled on the Microsoft Exchange Organization container inside the Configuration partition.
  2. The value of the msExchRoleLink and msExchUserLink attributes on CN=Role Management-Organization Management-Delegating,CN=Role Assignments,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=… should be "CN=Role Management,CN=Roles,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=…", but in my case the msExchUserLink attribute had a value of CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=Domain,DC=Local

Solution:
  1. Check the "Allow inheritable permissions" check box.
  2. Make sure the value of msExchUserLink is the same as msExchRoleLink.
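
Both conditions can be inspected without opening ADSI Edit. The following read-only PowerShell script is an added example, not part of the original post or the linked thread; it assumes the RSAT ActiveDirectory module is available and that the organization container is named "First Organization" as in the DN above (the `$OrgName` parameter is a name chosen for this example).

```powershell
# Added example: read-only check of the two conditions described in this post.
# Assumptions: RSAT ActiveDirectory module is installed; $OrgName defaults to
# the organization name that appears in the post's DN.
param([string]$OrgName = 'First Organization')

Import-Module ActiveDirectory -ErrorAction Stop

# Build the DNs from the forest's configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$exchDN   = "CN=Microsoft Exchange,CN=Services,$configNC"
$orgDN    = "CN=$OrgName,$exchDN"
$assignDN = "CN=Role Management-Organization Management-Delegating," +
            "CN=Role Assignments,CN=RBAC,$orgDN"

# 1. Inheritance. AreAccessRulesProtected is $true when the
#    "Allow inheritable permissions" box is cleared on an object.
#    Both the Microsoft Exchange container and the organization
#    container beneath it are checked.
foreach ($dn in $exchDN, $orgDN) {
    $acl = Get-Acl -Path "AD:\$dn" -ErrorAction Stop
    [pscustomobject]@{
        Container          = $dn
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
    }
}

# 2. Role assignment links. Show both attributes and whether they
#    hold the same value, which is the comparison the post's fix uses.
$ra = Get-ADObject -Identity $assignDN `
        -Properties msExchRoleLink, msExchUserLink -ErrorAction Stop

[pscustomobject]@{
    RoleAssignment = $ra.DistinguishedName
    msExchRoleLink = $ra.msExchRoleLink
    msExchUserLink = $ra.msExchUserLink
    LinksMatch     = ($ra.msExchRoleLink -eq $ra.msExchUserLink)
} | Format-List
```

The script changes nothing in the directory, so it can be run before and after the fix to confirm what was altered.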