Hi There,

I have a DC and an Exchange server both running Server 2012 standard. Both have all the updates installed and necessary Exchange 2013 pre requisites. No AV running on the network yet either.

The installation ran with no problems but I get the below error when I try and login to https://servername/ecp

Server Error in '/owa' Application.
--------------------------------------------------------------------------------

The user has insufficient access rights.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:


[DirectoryOperationException: The user has insufficient access rights.]
   System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) +1904
   System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) +381
   Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout) +9836289
   Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1215

[ADOperationException: Active Directory operation failed on FA01.fa.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]
   Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) +3682
   Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1978
   Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException) +27
   Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation) +2068
   Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.Save(ADRecipient instanceToSave) +98
   Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1078

[StoragePermanentException: There was a problem accessing Active Directory. Check your network connections and try again.]
   Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1600
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.HandleLanguagePost(RequestContext requestContext, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized, String destination) +2072
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchIfLanguagePost(RequestContext requestContext) +642
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.InternalDispatchRequest(RequestContext requestContext) +620
   Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchRequest(RequestContext requestContext) +297
   Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.OnPostAuthorizeRequest(Object sender, EventArgs e) +352
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18033

Are you logging in with the default administrator account?

What if you create a new one and try using it?

Hello,

Please check if you check "Include inheritable permissions from this object's parent" for administrator.

Besides, here is a similar article for your reference. (Note: It refers to exchange 2010, but I think it is also applies to exchange 2013)

http://blogs.technet.com/b/richardroddy/archive/2010/07/12/exchange-2010-and-the-exchange-trusted-subsystem.aspx

If the issue persists, please follow Rajith's suggestion to check the result.

If you have any feedback on our support, please click here

In the end to fix this I had to enter the license key for Exch Standard using powershell. Strangely enough this worked...

Dave

In the end to fix this I had to enter the license key for Exch Standard using powershell. Strangely enough this worked...

Dave

• Marked as answer by Triumphtech Friday, June 21, 2013 10:15 AM

Hello!

I have the same issue. If Exchange should not be managed without the licence key be entered first then why it just don't open a window stating I must enter a key?  Furthermore, I did manage to login to https://servername/ecp after 5 attempts...I wonder is it by design???

Regards,

Michael Firsov

Hello!

I have the same issue. If Exchange should not be managed without the licence key be entered first then why it just don't open a window stating I must enter a key?  Furthermore, I did manage to login to https://servername/ecp after 5 attempts...I wonder is it by design???

Regards,

Michael Firsov

• Edited by MF47 Wednesday, July 03, 2013 9:27 AM Typo

Hi,

It is strange that ECP started working after punching the key. Did it go past the 120 or 180 day trial period?

I always have my lab servers running fine without an Exchange key, strange!

I did manage to login to https://servername/ecp after 5 attempts...I wonder is it by design???

Regards,

Michael Firsov

How odd.  Same experience with me.  Try accessing the URL a few times, and eventually the EAC is displayed.  I am using the TechNet subscription download version, and the site claims a product key is not required.  Anyway, I'm in now ...