the administrator account isn't assigned to any management roles

Status
Not open for further replies.
P

Panicz

Hello,

I need some help with the following problem. My TEST server DC server has been running exchange 2010. Yes I know it is not supported but this is TESTserver and it has been running without problems since 7 months or so. For some reason the raid controller decided that there where no more raid volumes anymore so suddenly I had 4 disks in stead of 2. long story short .... CHKDSK ran and I needed to reinstall this machine from scratch. Unfortunately I did not have a good back-up.

Reinstallled the server. gave it the same name ( after forcefully removing the DC from the forest/domain) added it again and all seemed well untill I installed Exchange 2010 again. I got the WINRM problem, reinstalled the WINRM feature and ran winrm quickconfig. Now I get:

(Process w3wp.exe, PID 3804) " RBAC authorization returns Access Denied for user administratoraccount@domainname. Reason: No role assignments associated with the specified user were found on Domain Controller DOMAINCONTROLLERNAME"

I have seen the posts regarding RBAC but my situation is a not exactly the same as described. Reinstalling exchange is not an option because I cannot uninstall. I checked the RIGHTS and directories and had to manually add the accounts on the registry keys and forlder so yes they did NOT excist.

I would like to have some help from this forum in resolving this issue.

Thanks in advance!

Best regards,

Panicz
 
S

Steve Goodman [MCITP]

Hiya,

Can you try the following before a re-install?

First double check your administrator@domain is in the Organization Management group in the Microsoft Exchange Security Groups OU.

Then make sure you have the normal defaults for the account set correctly in AD. Open a normal Powershell window on the Exchange box, run:

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010
Set-mailbox administrator@domain -roleassignmentpolicy " Default Role Assignment Policy"
set-user administrator@domain -remotepowershellenabled $true

Then try and open EMC/EMS again.

If that doesn't work open a normal powershell windows again, and run the following commands to re-install the default rbac roles and assignments.

Execute:
Add-PSSnapIn Microsoft*
Install-cannedrbacroles
Install-cannedrbacroleassignments

Then try and open EMC/EMS again.

Steve

-------- Blog: http://www.stevieg.org Twitter: http://twitter.com/stevegoodman
 
P

Panicz

Hi Steve,

First of all I need to apologize because I left out some vital info. there is a 2nd DC (win 2k8 and exchange 2007 32 bit on it) n the test environment. Just that you know.

2nd.. thanks for the quick response.

I double checked and the administrator account is there.

The first PS command ran successfully. The second gave me this error:

Set-Mailbox : Property RoleAssignmentPolicy can't be set on this object because it requires the object to have version

0.10 (14.0.100.0) or later. The object's current version is 0.1 (8.0.535.0).

At line:1 char:12

+ Set-mailbox <<<< administrator@domain -roleassignmentpolicy " Default Role Assignment Policy"
+ CategoryInfo : NotSpecified: (0:Int32) [Set-Mailbox], InvalidObjectOperationException
+ FullyQualifiedErrorId : 91FC2332,Microsoft.Exchange.Management.RecipientTasks.SetMailbox

The 3rd ran successfully again. Any suggestions?

Thanks in advance

Best regards,

Panicz
 
P

Panicz

Hi Steve,

Inside the EXchange 2007 environment and the admin account is still on 2007. I moved all mailboxes to this Exchange 2007 box before trying to fix the 2010 box. Thay have always been in the same environment. I want to upgrade this box to SP3 for exchange 2007 but first want the 2010 box up and running again.

Panicz
 
P

Panicz

Hi Steve,

Almost! The exchange box has some users on it but it is not a true production environment. We just use it for kicks and fun. We build a separate forest/domain. The machine has been promoted again to DC. Again I understand that it is not supported but for testing ....

I am thinking about demoting it again and see if that helps us with the exchange environment. once that works, I can promote it again as I have done before.

But any other suggestions are truely appreciated.

Signing off for today but will check my post later tonight !

Thanks so far and best regards,

Panicz
 
S

Steve Goodman [MCITP]

Hi Panicz,

I'd suggest not running Exchange on a domain controller if you can avoid it.

Try the last commands I mentioned:

Add-PSSnapIn Microsoft*
Install-cannedrbacroles
Install-cannedrbacroleassignments

And then see if anything is better. A few more questions though..

When you forcefully removed the DC, how did you clean everything up for the DC and Exchange? When you re-installed Exchagne (after dcpromo?) did you use setup.com /m:RecoverServer ?

Steve

-------- Blog: http://www.stevieg.org Twitter: http://twitter.com/stevegoodman
 
P

Panicz

Hi Steve,

Yes I know I should not install on a DC. That is why I stated that at the beginning of the post but unfortunately we do not have much of a choice for the test environment.

I ran the commands and found that Add-PSSnapIn Microsoft* returned some errors but I as far as I can determine these are alright because they state that files are already installed.

>

Add-PSSnapin : Cannot add Windows PowerShell snap-in Microsoft.Exchange.Management.PowerShell.E2010 because it is alrea

dy added. Verify the name of the snap-in and try again.

At line:1 char:13

+ Add-PSSnapIn <<<< Microsoft*
+ CategoryInfo : InvalidArgument: (Microsoft.Excha...owerShell.E2010:String) [Add-PSSnapin], PSArgumentEx
ception
+ FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand

Add-PSSnapin : Windows PowerShell snap-in " Microsoft.Exchange.Management.PowerShell.Setup" is loaded with the following
warnings: There were errors in loading the format data file:

Microsoft.Exchange.Management.PowerShell.Setup, C:\Program Files\Microsoft\Exchange Server\V14\bin\Exchange.format.ps1x

ml : File skipped because it was already present from " Microsoft.Exchange.Management.PowerShell.E2010" .

At line:1 char:13

+ Add-PSSnapIn <<<< Microsoft*
+ CategoryInfo : InvalidData: (Microsoft.Excha...owerShell.Setup:String) [Add-PSSnapin], PSSnapInExceptio
n
+ FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand

Add-PSSnapin : Windows PowerShell snap-in " Microsoft.Exchange.Management.Powershell.Support" is loaded with the followi

ng warnings: There were errors in loading the format data file:

Microsoft.Exchange.Management.PowerShell.Setup, C:\Program Files\Microsoft\Exchange Server\V14\bin\Exchange.format.ps1x

ml : File skipped because it was already present from " Microsoft.Exchange.Management.PowerShell.E2010" .

At line:1 char:13

+ Add-PSSnapIn <<<< Microsoft*
+ CategoryInfo : InvalidData: (Microsoft.Excha...ershell.Support:String) [Add-PSSnapin], PSSnapInExceptio
n
+ FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand

Add-PSSnapin : Windows PowerShell snap-in " Microsoft.Windows.ServerManager.Migration" is loaded with the following warn

ings: There were errors in loading the format data file:

Microsoft.Exchange.Management.PowerShell.Setup, C:\Program Files\Microsoft\Exchange Server\V14\bin\Exchange.format.ps1x

ml : File skipped because it was already present from " Microsoft.Exchange.Management.PowerShell.E2010" .

At line:1 char:13

+ Add-PSSnapIn <<<< Microsoft*
+ CategoryInfo : InvalidData: (Microsoft.Windo...nager.Migration:String) [Add-PSSnapin], PSSnapInExceptio
n
+ FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand

The other commands ran without error.

When reinstalling the computer I removed only parts with ADSIEDIT that cause problems. So entries like Domain Controller name of the machine itself. After that the machine could be added to the domain again and be promoted to DC. Exchange I installed with the /recoverserver option. There is no other way to do it since setup doesn't allow it. I did not receive any errors during that install. Afterwards I got the WINRM problem. removed it from IIS and reinstalled it without any problems. then this message popped up.

The commands did not help by the way. I will reboot the server later and see if that helps. There are some hotfixes that need to be installed anyway so....

Keep you informed. Have a great evening!

Best regards,

Panicz
 
P

Panicz

Hi,

The reboot did not help a thing. still cannot access the machine. Any suggestions at this time?

Thanks!

Br Panicz
 
P

Panicz

Problem solved the hard way. I removed the server with adsiedit and removed all entries from the registry. after that I could install it again. and all works fine. Not the best way to resolve things but it worked. It is a DC again and no data/email is lost so...

thanks for your assistance.

Best regards,

Panicz
 
Status
Not open for further replies.
Top