Remove From My Forums

exchange 服务器一直报错 RBAC,事件ID，17、23、258

问题
0

登录进行投票

事件17

(进程 w3wp.exe，PID 11380) "RBAC 授权对用户 a.com/Servers/Exchange/CNHBMAIL2 返回访问被拒绝。原因: 在域控制器 A.COM 上没有找到与指定用户相关联的角色分配。"
事件 258
(进程 11380，PID w3wp.exe) "RemotePS 公共 API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: 用户"a.com/Servers/Exchange/CNHBMAIL2"未被分配给任何管理角色。
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(ADRawEntry user, ADRawEntry userToVerifyInScope, IConfigurationSession session, String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, List`1 implicitRoleIds, RoleFilteringMode roleFilteringMode, SerializedAccessToken securityAccessToken, Dictionary`2& userAllScopes, List`1& userAllRoleEntries, Dictionary`2& userAllRoleTypes, ReadOnlyCollection`1& userAllRoleAssignments)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, List`1 implicitRoleIds)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration..ctor(IIdentity logonIdentity, IIdentity impersonatedIdentity, ExchangeRunspaceConfigurationSettings settings, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, Boolean callerCheckedAccess, Boolean isPowerShellWebService, Boolean noCmdletAllowed, SnapinSet snapinSet)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeExpiringRunspaceConfiguration..ctor(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, Boolean isPowerShellWebService)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.GetInitialSessionStateCore(PSSenderInfo senderInfo)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.<>c__DisplayClass4.<GetApplicationPrivateData>b__3()
   at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.HandleExceptionAndRetry[T](String methodName, Func`1 func, Boolean throwException, T defaultReturnValue)
   at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.<>c__DisplayClassc`1.<ExecuteWSManPluginAPI>b__8()
   at Microsoft.Exchange.Diagnostics.CmdletInfra.Diagnostics.ExecuteAndLog[T](String funcName, Boolean missionCritical, LatencyTracker latencyTracker, ExEventLog eventLog, EventTuple eventTuple, Trace tracer, IsExceptionInteresting isExceptionInteresting, Action`1 onError, T defaultReturnValue, Func`1 func). 失败，出现异常 %4。"
事件23

(进程 w3wp.exe，PID 11380)“Exchange AuthZPlugin 未能完成方法 GetApplicationPrivateData，这是由于以下应用程序异常所致: Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: 用户"a.COM/Servers/Exchange/CNHBMAIL2"未被分配给任何管理角色。
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(ADRawEntry user, ADRawEntry userToVerifyInScope, IConfigurationSession session, String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, List`1 implicitRoleIds, RoleFilteringMode roleFilteringMode, SerializedAccessToken securityAccessToken, Dictionary`2& userAllScopes, List`1& userAllRoleEntries, Dictionary`2& userAllRoleTypes, ReadOnlyCollection`1& userAllRoleAssignments)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.LoadRoleCmdletInfo(String organizationName, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, List`1 implicitRoleIds)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration..ctor(IIdentity logonIdentity, IIdentity impersonatedIdentity, ExchangeRunspaceConfigurationSettings settings, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, Boolean callerCheckedAccess, Boolean isPowerShellWebService, Boolean noCmdletAllowed, SnapinSet snapinSet)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeExpiringRunspaceConfiguration..ctor(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, Boolean isPowerShellWebService)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.GetInitialSessionStateCore(PSSenderInfo senderInfo)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.<>c__DisplayClass4.<GetApplicationPrivateData>b__3()
   at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.HandleExceptionAndRetry[T](String methodName, Func`1 func, Boolean throwException, T defaultReturnValue)。”

2018年3月30日 6:41

回复

|

引用

全部回复

0

登录进行投票

您好，

请问您的exchange的服务器是什么版本，具体安装了哪一个CU?

您的组织内部有几台exchange服务器？是否每一台都有问题？

如果您的组织内部有多台exchange服务器，我们建议您对比下有问题的服务器和没问题的服务器的属性，如果有不同的地方，请更改相应的设置，查看问题是否存在。

此外，您也可以尝试重启exchange服务器，看是否有帮助。
Best Regards,
Alice Wang

Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

2018年4月2日 10:57

回复

|

引用
0

登录进行投票

您好：

我的服务器为exchange 2013 cu12 双机做的DAG，两个服务器都报同样的错误。这个问题我查了一下，但不能确定开始出现的日期，因为日志收集太少了。

根据您的提示，我查了域控的服务器（版本server2012 r2），在这两项里面

2018年4月3日 0:58

回复

|

引用
0

登录进行投票

您好，

感谢您的回复。

您有尝试重启exchange的服务器吗？

如果问题仍然存在，请尝试把exchange 2013的服务器升级到最新的CU20，测试问题是否存在。
Best Regards,
Alice Wang

Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

2018年4月3日 8:32

回复

|

引用
0

登录进行投票

Exchange2016 也出现此问题，检查Exchange 服务器成员都一致。

2019年2月22日 9:56

回复

|

引用
0

登录进行投票

重启过服务器，毫无帮助

2019年2月22日 9:57

回复

|

引用