none
Exchange 2010 linked mailbox - Cannot login RRS feed

  • Question

  • Scenario:
    Two way trust exist between 2 forests and is working.
    Each forest have multiple Exc 2010 SP2 servers, and multiple DC 2003/2008 servers.

    I create new linked mailbox in resource forest, link to Master account in user forest and mailbox create sucesfully.

    But logging into Outlook or OWA with user forest username, resource Exchange server log:

    The user has not been granted the requested logon type at this machine.

    Status: 0xc000015b

    Sub Status: 0x0

    Friday, June 15, 2012 8:53 AM

Answers

  • What about Network Logon, is that allowed, also, as you're checking the local Policy are you sure there's no Domain policy overriding this?

    Check a GPResults and look at the right and see who is allowed to do what.


    Sukh

    • Marked as answer by itec_itec Friday, June 15, 2012 12:44 PM
    Friday, June 15, 2012 10:20 AM

All replies

  • Friday, June 15, 2012 9:38 AM
  • Yes the process do complete succesfully.

    User account is created as disabled user in resource forest where exchange is in.
    Can create user in EMC or PS, same success result.

    But after trying to access mailbox, this error gets loggend in Exc server security eventlog

    Account Name" user resource domain\username

    The user has not been granted the requested logon type at this machine.

    Status: 0xc000015b

    Sub Status: 0x0

    Friday, June 15, 2012 9:54 AM
  • And you have setup the trusts between th forests?

    Sukh

    Friday, June 15, 2012 9:58 AM
  • Yes trusts are in place

    Can validate two way trust on DC's of both forests
    When creating the resource mailbox, can browse to user forest domain and select user for master account.
    GPO -> Security Settings -> Local Policies -> User rights assigments -> can edit for example Allow logon locally and select user forest domain and browse for users

    Friday, June 15, 2012 10:13 AM
  • What about Network Logon, is that allowed, also, as you're checking the local Policy are you sure there's no Domain policy overriding this?

    Check a GPResults and look at the right and see who is allowed to do what.


    Sukh

    • Marked as answer by itec_itec Friday, June 15, 2012 12:44 PM
    Friday, June 15, 2012 10:20 AM
  • Thank you

    Allowed "user forest\domain users" into network login.

    Also allowed Kerberos-Sec TCP and LDAP GC between Dc's for above to work.

    Outlook and OWA now login succesfully

    Friday, June 15, 2012 12:49 PM
  • hello, i have the same issue.  where do you exactly allow "user forest\domain users' into network login?

    on the CAS servers's local security policy?

    Wednesday, June 20, 2012 10:30 AM