This post will explain why you might receive this error message if you are using Exchange 2007 or Exchange 2010. You might see this error when a user logs into Outlook Web Access (OWA). It took me a while to figure this out so I hope this helps other people.
This is the exact output of the error.
Request
Url: https://www.domain.com:443/owa/lang.owa
User host address: 192.169.1.4

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on exchange.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()

Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.

Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)

How to Fix: Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Open Active Directory Users and Computers on the Domain Controller.
Find the user affected by the error message.
Right-click the user and select Properties.
Go to the “Security” tab. Click on “Advanced”.
Make sure that “Inherit from the parent the permission entries that apply to child objects…” is checked, as shown in the screenshot.
This should resolve the error:
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
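To find every account in this state instead of checking users one at a time, the following added PowerShell example (not part of the original post) lists mailbox-enabled users whose object has permission inheritance turned off. The function name is hypothetical, and the script assumes the ActiveDirectory module (RSAT) is available and that the account running it can read security descriptors on user objects.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumption: the ActiveDirectory module (RSAT) is installed on this machine.
Import-Module ActiveDirectory

# Hypothetical helper name, chosen for this example.
function Get-InheritanceBlockedMailboxUser {
    param(
        # Optional OU to limit the search; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Mailbox-enabled user accounts only (msExchMailboxGuid is populated).
    $filter = '(&(objectCategory=person)(objectClass=user)(msExchMailboxGuid=*))'

    # AreAccessRulesProtected is $true when the "Inherit from the parent..."
    # checkbox is cleared on the object, which is the condition behind the
    # INSUFF_ACCESS_RIGHTS failure shown in the error above.
    #
    # adminCount = 1 marks accounts that are, or once were, members of
    # protected groups. Active Directory's AdminSDHolder process switches
    # inheritance off again on current members, so the checkbox will not
    # stay set for them until they are removed from those groups.
    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
                      @{ Name = 'AdminCount'; Expression = { $_.adminCount } }
}

Get-InheritanceBlockedMailboxUser |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```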
JD says
Worked for me; thanks! If anyone is having trouble finding the “Security Tab”, choose “View” > “Advanced Features” in the Active Directory Users and Computers console.
Rob says
Thanks! It worked for me.
David Wilhoit says
Nicely done, thanks much for this. I’m guessing I’m going to find a lot of this in my environment.
Jugeshwr Mahto says
That option is already check-marked, but I am still getting the same error message. Please advise.
pooran says
tks
Phil says
Worked! Thanks!
Carlos Cantu says
That's great, worked!!!!!!
Thanks