Q
Problem solve Get help with specific problems with your technologies, process and projects.

Configure admin rights to access Exchange 2003 mailbox

Learn how to configure administrator rights to grant permissions to an Exchange 2003 mailbox after receiving an "unable to log onto the server" error.

Peter Tersteeg
By
Published: 06 Sep 2007
I have a Windows NT 4.0 server with Exchange 5.5 and a new Windows Small Business Server (SBS) 2003 with Exchange Server 2003. I can successfully export the NT4 users to SBS's Active Directory using the instructions in the SBS_MigratingSBS45.doc. But when I get to the Exchange Migration Wizard, no matter what I do, I can't get past the screen with the server name, user and password. The error I get is: "Unable to log onto the server. Please verify server name, port, account name and password."

These details are definitely correct; I used them to do the Active Directory export. What am I missing?

By default in Exchange 2003, the administrative account does not have the necessary permissions to log into an Exchange mailbox. In order for a service account to have the necessary rights to log into an Exchange mailbox, you will most likely need to confirm that you have 'Send As' and 'Receive As' rights.

You can expose the security page on Exchange Server through the registry modification called ShowSecurityPage as shown in Figure A.

Img2
Figure A: Exchange's Registry Editor displays the registry modification called ShowSecurityPage.
(Click on image for enlarged view.)

Once you add this under HKEY_CURRENT_USERSoftwareMicrosoftExchangeExadmin and then right-click on Properties in Exchange System Manager (ESM), you will see the screen shown in Figure B.

Img3
Figure B: Permissions for administrator rights can be found in ESM under Properties -> Security.
(Click on image for enlarged view.)

In Figure B, note that I do not have Deny ticked on the 'Send As' and 'Receive As' permissions for the administrative account.

Double check that your service account is a member of a group that has more restrictive rights as it relates to 'Send As' and 'Receive As' rights.

You'll also want to confirm that you typed in the appropriate port as well: port 389 or 390, depending on the implementation of the Active Directory Connector (ADC). You can use a Windows Support utility called LDP.EXE to attempt to connect to the target organization to see if you are getting similar errors.

Do you have comments on this Ask the Expert Q&A? Let us know.

Related information from SearchExchange.com:

  • Tip: Regain service-account access to user mailboxes
  • Tip: Logging into Exchange with NT vs. AD accounts in mixed mode
  • Reference Center: Exchange deployment and migration advice
  • Reference Center: Microsoft Exchange Server permissions

    • Dig Deeper on Exchange Server setup and troubleshooting

    Start the conversation

    Send me notifications when other members comment.

    Register

    Please create a username to comment.

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchSQLServer

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close