Exchange 2010 exchange management console, access denied. Time sync issue

exchange-2010 kerberos permissions windows-server-2008-r2

I installed Exchange 2010 on Windows Server 2008 R2; my domain already has an Exchange 2007 organization present.

During the Exchange 2010 installation, two errors occurred:

  1. Upon the hub transport role install, it failed with msexchangeadtopology service could not be started. This was fixed by adding the Exchange Domain Servers group to the server object in AD.
  2. Upon the mailbox server role, msexchangesa service could not be started. This was fixed by adding the Exchange Enterprise Server group to the server object in AD.

After these errors were corrected, Exchange installed fine. No problems.

The first time I opened the management console, and tried to open the local Exchange site, I received an error that the console could not communicate with win2k8ex.domain.local. After researching I saw there was a time sync issue, so I ran net time \\dc /SET YES, restarted and the console worked fine.

Now, the console gives me an error every 15 minutes telling me access is denied for the current user with authentication as Kerberos. If I run net time and restart, it works fine, but then it eventually throws the error.

I did some research on the Microsoft TechNets but didn't find anything that really helped me. Please keep in mind the servers' times match down to the minute whenever this error occurs, but for some reason net time and a restart resolves the issue, but only temporarily.

The article I read about net time had a settings change in VMware, but I am not running VMware; there is nothing virtual about my environment.

Failed Events

msexchange mailtips

Unable to remove Group Metrics distribution share.
Share: GroupMetrics
Directory: C:\Program Files\Microsoft\Exchange Server\V14\GroupMetrics

msexchangerepl

Active Manager failed to mount database Mailbox Database 1037838543 on server WIN2K8EX.JEWELS.LOCAL. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 12696   dwParam: 0x6D9      Msg: EEInfo: Generation Time: 2011-03-19 16:01:56:900
    Lid: 10648   dwParam: 0x6D9      Msg: EEInfo: Generating component: 2
    Lid: 14744   dwParam: 0x6D9      Msg: EEInfo: Status: 1753
    Lid: 9624    dwParam: 0x6D9      Msg: EEInfo: Detection location: 501
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncalrpc
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: 
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -1988875570
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 24060   StoreEc: 0x80040115
    Lid: 23746  
    Lid: 31938   StoreEc: 0x80040115
    Lid: 19650  
    Lid: 27842   StoreEc: 0x80040115
    Lid: 20866  

WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Folder Redirection – There is no folder redirect policy in any group policies from the DC.

Failed to apply policy and redirect folder "Desktop" to "C:\Users\administrator.JEWELS\Desktop".
 Redirection options=0x9201.
 The following error occurred: "Can not create folder "C:\Users\administrator.JEWELS\Desktop"".
 Error details: "This security ID may not be assigned as the owner of this object.
".

Sources: Highavailability, database action

Failed store mount for database 'Mailbox Database 1037838543' on WIN2K8EX.JEWELS.LOCAL (Duration=00:00:01.3907191, ErrorMessage=An Active Manager operation failed with a transient error. Please retry the operation. Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)

There are also a lot of warnings and errors for OWA.

test-servicehealth

Role                    : Mailbox Server Role
RequiredServicesRunning : True
ServicesRunning         : {IISAdmin, MSExchangeADTopology, MSExchangeIS, MSExchangeMailboxAssistants, MSExchangeMailSub
                          mission, MSExchangeRepl, MSExchangeRPC, MSExchangeSA, MSExchangeSearch, MSExchangeServiceHost
                          , MSExchangeThrottling, MSExchangeTransportLogSearch, W3Svc, WinRM}
ServicesNotRunning      : {}

Role                    : Client Access Server Role
RequiredServicesRunning : True
ServicesRunning         : {IISAdmin, MSExchangeAB, MSExchangeADTopology, MSExchangeFBA, MSExchangeFDS, MSExchangeMailbo
                          xReplication, MSExchangeProtectedServiceHost, MSExchangeRPC, MSExchangeServiceHost, W3Svc, Wi
                          nRM}
ServicesNotRunning      : {}

Role                    : Unified Messaging Server Role
RequiredServicesRunning : True
ServicesRunning         : {IISAdmin, MSExchangeADTopology, MSExchangeServiceHost, MSExchangeUM, W3Svc, WinRM}
ServicesNotRunning      : {}

Role                    : Hub Transport Server Role
RequiredServicesRunning : True
ServicesRunning         : {IISAdmin, MSExchangeADTopology, MSExchangeEdgeSync, MSExchangeServiceHost, MSExchangeTranspo
                          rt, MSExchangeTransportLogSearch, W3Svc, WinRM}
ServicesNotRunning      : {}

Best Answer

Time sync issue. net time \\dc /SET fixed the problem.
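
A way to confirm the clock drift behind the Kerberos "access denied" and make the fix permanent, as an added example that is not part of the original question or answer. It assumes `dc` is a placeholder for the domain controller name, that the Windows default Kerberos clock tolerance of 300 seconds is in effect, and the function and parameter names are hypothetical.

```powershell
# Added example (not from the original post). Placeholders/assumptions:
#   $Dc             - DC name, 'dc' as in the post's net time command
#   $MaxSkewSeconds - 300 s, the Windows default Kerberos clock tolerance
param(
    [string]$Dc = 'dc',
    [int]$MaxSkewSeconds = 300,
    [int]$Samples = 5,
    [switch]$Fix
)

# Hypothetical helper: pull the signed offsets (seconds) out of
# "w32tm /stripchart /dataonly" lines such as "16:01:56, +00.0123456s".
function Get-ClockOffset {
    param([string[]]$Lines)
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($line in $Lines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], $inv)
        }
    }
}

$raw = & w32tm /stripchart "/computer:$Dc" "/samples:$Samples" /dataonly
$offsets = @(Get-ClockOffset -Lines $raw)
if ($offsets.Count -eq 0) {
    throw "No usable samples from ${Dc}: $($raw -join ' | ')"
}

$worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
          Measure-Object -Maximum).Maximum
'Worst offset vs {0}: {1:N3} s (tolerance {2} s)' -f $Dc, $worst, $MaxSkewSeconds
'Current time source: {0}' -f (& w32tm /query /source)

if ($worst -ge $MaxSkewSeconds) {
    Write-Warning 'Offset exceeds the Kerberos tolerance; expect access denied.'
}

if ($Fix) {
    # Follow the domain hierarchy permanently instead of a one-off net time /set.
    & w32tm /config /syncfromflags:domhier /update
    & w32tm /resync /rediscover
}
```

Run it on the Exchange server when the console error appears; `-Fix` needs an elevated prompt.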