none
exchange 服务器一直报错 RBAC,事件ID,17、23、258 RRS feed

  • 问题

  • 事件17

    (进程 w3wp.exe,PID 11380) "RBAC 授权对用户 a.com/Servers/Exchange/CNHBMAIL2 返回访问被拒绝。原因: 在域控制器 A.COM 上没有找到与指定用户相关联的角色分配。"
    事件 258
    (进程 11380,PID w3wp.exe) "RemotePS 公共 API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: 用户"a.com/Servers/Exchange/CNHBMAIL2"未被分配给任何管理角色。
       at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(ADRawEntry user, ADRawEntry userToVerifyInScope, IConfigurationSession session, String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, List`1 implicitRoleIds, RoleFilteringMode roleFilteringMode, SerializedAccessToken securityAccessToken, Dictionary`2& userAllScopes, List`1& userAllRoleEntries, Dictionary`2& userAllRoleTypes, ReadOnlyCollection`1& userAllRoleAssignments)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, List`1 implicitRoleIds)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration..ctor(IIdentity logonIdentity, IIdentity impersonatedIdentity, ExchangeRunspaceConfigurationSettings settings, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, Boolean callerCheckedAccess, Boolean isPowerShellWebService, Boolean noCmdletAllowed, SnapinSet snapinSet)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeExpiringRunspaceConfiguration..ctor(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, Boolean isPowerShellWebService)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.GetInitialSessionStateCore(PSSenderInfo senderInfo)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.<>c__DisplayClass4.<GetApplicationPrivateData>b__3()
       at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.HandleExceptionAndRetry[T](String methodName, Func`1 func, Boolean throwException, T defaultReturnValue)
       at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.<>c__DisplayClassc`1.<ExecuteWSManPluginAPI>b__8()
       at Microsoft.Exchange.Diagnostics.CmdletInfra.Diagnostics.ExecuteAndLog[T](String funcName, Boolean missionCritical, LatencyTracker latencyTracker, ExEventLog eventLog, EventTuple eventTuple, Trace tracer, IsExceptionInteresting isExceptionInteresting, Action`1 onError, T defaultReturnValue, Func`1 func). 失败,出现异常 %4。"
    事件23

    (进程 w3wp.exe,PID 11380)“Exchange AuthZPlugin 未能完成方法 GetApplicationPrivateData,这是由于以下应用程序异常所致: Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: 用户"a.COM/Servers/Exchange/CNHBMAIL2"未被分配给任何管理角色。
       at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(ADRawEntry user, ADRawEntry userToVerifyInScope, IConfigurationSession session, String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, List`1 implicitRoleIds, RoleFilteringMode roleFilteringMode, SerializedAccessToken securityAccessToken, Dictionary`2& userAllScopes, List`1& userAllRoleEntries, Dictionary`2& userAllRoleTypes, ReadOnlyCollection`1& userAllRoleAssignments)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, List`1 implicitRoleIds)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration..ctor(IIdentity logonIdentity, IIdentity impersonatedIdentity, ExchangeRunspaceConfigurationSettings settings, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, Boolean callerCheckedAccess, Boolean isPowerShellWebService, Boolean noCmdletAllowed, SnapinSet snapinSet)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeExpiringRunspaceConfiguration..ctor(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, Boolean isPowerShellWebService)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.GetInitialSessionStateCore(PSSenderInfo senderInfo)
       at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.<>c__DisplayClass4.<GetApplicationPrivateData>b__3()
       at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.HandleExceptionAndRetry[T](String methodName, Func`1 func, Boolean throwException, T defaultReturnValue)。”

    2018年3月30日 6:41

全部回复

  • 您好,

    请问您的exchange的服务器是什么版本,具体安装了哪一个CU?

    您的组织内部有几台exchange服务器?是否每一台都有问题?

    如果您的组织内部有多台exchange服务器,我们建议您对比下有问题的服务器和没问题的服务器的属性,如果有不同的地方,请更改相应的设置,查看问题是否存在。

    此外,您也可以尝试重启exchange服务器,看是否有帮助。


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年4月2日 10:57
  • 您好:

      我的服务器为exchange 2013 cu12 双机做的DAG,两个服务器都报同样的错误。这个问题我查了一下,但不能确定开始出现的日期,因为日志收集太少了。

      根据您的提示,我查了域控的服务器(版本server2012 r2),在这两项里面

    2018年4月3日 0:58
  • 您好,

    感谢您的回复。

    您有尝试重启exchange的服务器吗?

    如果问题仍然存在,请尝试把exchange 2013的服务器升级到最新的CU20,测试问题是否存在。


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年4月3日 8:32
  • Exchange2016 也出现此问题,检查Exchange 服务器成员都一致。
    2019年2月22日 9:56
  • 重启过服务器,毫无帮助
    2019年2月22日 9:57