Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, October 11, 2017 1:55 PM
Hello
I am checking Event logs on a newish Exchange 2016 install. Two servers, one DAG, One AD Domain. I am seeing the following errors in Event Viewer.
How should I correct this?
Log Name: Application
Source: MSExchange Control Panel
Date: 10/11/2017 8:54:05 AM
Event ID: 4
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: <Server-Name>
Description:
Current user: '<domain>/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailboxb04589bccb524d1ca65ef285a73fa499'
Request for URL 'https://localhost:444/ecp/About.aspx' failed with the following error:
Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: '<domain>/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailboxb04589bccb524d1ca65ef285a73fa499' wasn't able to log on as this user because the MyBaseOptions role isn't assigned to the user.
at Microsoft.Exchange.Management.ControlPanel.LocalSession.ThrowIfUserIsMailboxButNoMyBaseOptions()
at Microsoft.Exchange.Management.ControlPanel.LocalSession.RequestReceived()
at Microsoft.Exchange.Management.ControlPanel.RbacModule.Application_PostAuthenticateRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at Microsoft.Exchange.Management.ControlPanel.LocalSession.ThrowIfUserIsMailboxButNoMyBaseOptions()
at Microsoft.Exchange.Management.ControlPanel.LocalSession.RequestReceived()
at Microsoft.Exchange.Management.ControlPanel.RbacModule.Application_PostAuthenticateRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
All replies (3)
Thursday, October 12, 2017 7:46 AM
Hi Bail76A,
Please run the following command to check if the "MyBaseOptions" role has been selected in default Role Assignment Policy:
Get-RoleAssignmentPolicy |fl Name,AssignedRoles
If no, we can add it into this policy:
New-ManagementRoleAssignment -Policy "Default Role Assignment Policy" -Role MyBaseOptions
Default as below:
We can also check it via EAC, as below:
EAC -->Permissions --> User Roles --> Default Role Assignment Policy --> Select "MyBaseOptions" Role
Hope this helps,
Niko Cheng
TechNet Community Support
Please remember to mark the replies as answers.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, October 12, 2017 2:06 PM
Thank you. I have ran the command show below and now I will monitor to see if they go away.
How could this not have been there by default?
New-ManagementRoleAssignment -Policy "Default Role Assignment Policy" -Role MyBaseOptions
Monday, October 16, 2017 7:34 AM
Hi bail760A,
I'm just writing to check how's everything going? If you have any questions or needed further help on this issue, please feel free to post back. If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well.
Thanks for your understanding.
Best Regards,
Niko Cheng
TechNet Community Support
Please remember to mark the replies as answers.
If you have feedback for TechNet Subscriber Support, contact [email protected].