Cannot delete mailbox or move to another database in EMC, but powershell works fine.

Dear friends,

we have an Exch2007 on Win2008R2, Exch2013, now CU8 is installed on Win2012R2 for testing purposes.
PublicFolders and mailboxes still are settled on Exch2007, I still can create and delete mailboxes or move to another database on this server.

On both servers I can see mailboxes on all Servers, I cannot see the respective others servers database - which seems to be normal...

I even can create and change properties of a new mailbox on Ex2013 on new Server, but I neither can delete nor move this Mailbox via emc on Exch2013 server. Trying this I get an AD error insufficient rights, AD-Answer 00000005 SecErr DSID-03152501. Problem 4003


BUT: I can delete or move a mailbox on new server via management shell! So it seems to be a hidden browser problem...
I checked ad permissions (what are probably not the reason due to shell functioning well), IE permissions are set to use integrated logon.
I also granted full access rights on databases and mailboxes via shell.

Did I miss anything of prerequisites concerning IE or IIS?? I also cannot import a certificate from an UNC path on another server, I have to use a local unc path...

So any idea would be great, because working on some items in shell is not very comfy!! :-)

Thanks and regards.

McButtonn

April 23rd, 2015 10:39am

If you are trying to move a user from Exchange 2007 to Exchange 2013 you need to use either the Shell or the Exchange Admin Center (now a web site should be https://casserver.domain.tld/ecp?ExchCLientVer=15)
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2015 10:43am

That's what I'm actually trying to do :-)
But for now it's "only" a problem with deleting an object on new server in emc..
April 23rd, 2015 10:55am

So migrating to another db even from Ex2007 is now possible via emc!
It seems to be an issue of certificate, because I've already imported and activated the public certificate, but emc connection went to localhost, with a certificate error in IE. After changing name solution moving now works over emc, too.

But deleting is still not possible via emc :-(


Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2015 11:06am

So migrating to another db even from Ex2007 is now possible via emc!
It seems to be an issue of certificate, because I've already imported and activated the public certificate, but emc connection went to localhost, with a certificate error in IE. After changing name solution moving now works over emc, too.

But deleting is still not possible via emc :-(


April 23rd, 2015 3:05pm

So migrating to another db even from Ex2007 is now possible via emc!
It seems to be an issue of certificate, because I've already imported and activated the public certificate, but emc connection went to localhost, with a certificate error in IE. After changing name solution moving now works over emc, too.

But deleting is still not possible via emc :-(


We need to get our terminology in sync here.  EMC is the Exchange Management Console - this is what you are accessing Exchange 2007 with.  EAC = Exchange Administrative Center - this is where you are administering Exchange 2013 from.  

Where exactly are you trying to remove the mailbox from and what errors are you getting exactly?

Free Windows Admin Tool Kit Click here and download it now
April 24th, 2015 9:54am

Sorry for improper terminology!

EAC = Exchange Administrative Center, exactly.

I access Exch2013 with EAC. (As far as I know, you cannot manage Ex2007 with EAC due to lack of virtual directory ecp on Ex2007).

I created a new mailbox via EAC on Ex2013 and try to delete it again from Ex2013 via EAC, logged in as domain-admin in Internet Explorer (IE)

Error message is (translated from german):

"Active directory operation failed on xxxDC01.xxx.local. This error is not retriable. Additional information:Access is denied. Active directory response: 00000005: SecErr: DSID-03152501, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0"

Thanks and regards!

April 24th, 2015 10:13am

IS you're account a member of the domain admin account?  Also, when you run it from the shell which cmdlet are you using?


Free Windows Admin Tool Kit Click here and download it now
April 24th, 2015 12:28pm

Yes, it is...

April 24th, 2015 2:07pm

when you remove the mailbox from the shell, what command are you using? Remove-mailbox or disable-mailbox?

Also on the accounts you are trying to remove, is "Prevent from accidental deletion" enabled on it (check AD properties)?

Free Windows Admin Tool Kit Click here and download it now
April 24th, 2015 4:52pm

Sorry, was only on smartphone before!In shell I use disable-mailbox and it works fine.
And I have to apologize, too, for not looking further in EMC, because using deactivate in EMC, NOT just click on tray icon, works! :-)

But: "prevent from accidental deletion" is not enabled in AD object...

So this also deletion should work from EMC, doesn't it?

April 26th, 2015 2:59am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics