Adding an Exchange server target produces error: 'You are logged on with an account that does not have access to exchange.'

book

Article ID: 100030045

calendar_today

Updated On:

Description

Error Message

'You are logged on with an account that does not have access to . Log on using an appropriate account and try again.'

A Dtrace of MMC will show the following:

EV:M EVCommon : GESV failed to connect to the Service Control Manager on with error 0x80070005

Cause

There are Four documented causes of this issue:

Issue 1: If the Local Security Policies are configured in the following way.

Security Settings > Local Policies > Security Options > Microsoft network client: Digitally sign communications (if server agrees) - Disabled
Security Settings > Local Policies > Security Options > Microsoft network server: Digitally sign communications (always) - Enabled

Issue 2: The DNS search suffix list for the IPv4 config on the EV server has the entry for an old non-existing domain (old.domain.com) as the first entry on the DNS search suffix list

The current domain entry (new.domain.com) was listed after the old.domain.com.
Both FQDNs for EV server CNAMEs EVServer1.new.domain.com and EVServer1.old.domain.com were resolving a valid IP address.
The dynamic DNS updates are allowed only for the new.domain.com DNS zone

Note: Even if the correct Exchange FQDN server name (e.g., EXCH123456.new.domain.com) was entered into the EV Vault Admin Console (VAC), EV uses the short NetBios Exchange server name (e.g., EXCH123456) in the background and can add the wrong old.domain.com suffix to connect to the Exchange server via secured channel. This prevents the connection and returned “access denied” in the network trace.

Issue 3: Invalid HOST File entries

Issue 4: Windows credentilas Manager has incorrect credentials stored for VSA.

Resolution

Solution 1: Enable the Microsoft network client: Digitally sign communications (if server agrees) policy on the Enterprise Vault server and reboot the server.

Solution 2: Move the new.domain.com on top of the old.domain.com on the DNS search suffix list.

Example steps that illustrate how to modify the search suffix list on the EV server:

1. Start the registry editor (Regedit.exe).
2. Move to HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters.
3. Double-click SearchList.
4. Move the new.domain.com to the top of the list, using a comma to separate the DNS suffixes.
5. Click OK.

Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

Solution 3: Open the HOST file and confirm there are no rogue or invalid entries

Solution 4: Open Credential Manager on affected EV server, clear all stored Credentials. Restart all EV services.

Issue/Introduction

During the wizard of creating an Exchange Server target, the error below occurs:

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"