I have searched everywhere and i can't find a solution.
I have recientally done a migration of SBS 2003 to Windows Server 2012 w Exchange 2013
It is a single server installation
Everything went smoothly and the migration was successful. It is now 2 weeks later and i keep getting the following error when trying to access ECP
Stack Trace:
[SecurityAccessDeniedException: Access is denied.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +14489026
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +622
Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested) +0
Microsoft.Exchange.Data.Directory.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy) +145
Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception) +255
[ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied..]
Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure) +513
Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn) +88
Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn) +86
Microsoft.Exchange.Data.Directory.ADSession.GetConfigurationNamingContext(String partitionFqdn) +293
Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext) +640
Microsoft.Exchange.Data.Directory.ADDataSession.GetConnection(String preferredServer, Boolean isWriteOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope) +678
Microsoft.Exchange.Data.Directory.ADDataSession.GetReadConnection(String preferredServer, String optionalBaseDN, ADObjectId& rootId, ADRawEntry scopeDeteriminingObject, DualSearchMode dualSearchMode) +207
Microsoft.Exchange.Data.Directory.ADDataSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator,
CreateObjectsDelegate arrayCreator, Boolean includeDeletedObjects) +3287
Microsoft.Exchange.Data.Directory.ADDataSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, Boolean includeDeletedObjects) +269
Microsoft.Exchange.Data.Directory.SystemConfiguration.ADTopologyConfigurationSession.FindLocalServer() +213
Microsoft.Exchange.Management.Security.Utility.GetVirtualDirectoryObject(Guid vDirObjectGuid, ITopologyConfigurationSession session, PropertyDefinition[] virtualDirectoryPropertyDefinitions) +307
Microsoft.Exchange.Management.Security.AdfsFederationAuthModule.InitStaticVariables() +482
Microsoft.Exchange.Management.Security.AdfsFederationAuthModule..ctor() +49
[TargetInvocationException: Exception has been thrown by the target of an invocation.]
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) +0
System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +159
System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +256
System.Activator.CreateInstance(Type type, Boolean nonPublic) +127
System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark) +14376269
System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +200
System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture) +28
System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args) +83
System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList) +335
System.Web.HttpApplication.GetModuleCollection(IntPtr appContext) +1262
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +133
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +304
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +404
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +475
[HttpException (0x80004005): Exception has been thrown by the target of an invocation.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12881540
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +12722601
I am also continually getting the following errors in Event Viewer:
Log Name: Application
Source: MSExchange ADAccess
Date: 2013-01-31 11:00:22 AM
Event ID: 4027
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: NTSERV-2012.cleanair.co.za
Description:
Process w3wp.exe (RemotePS) (PID=14072). WCF request (Get Servers for cleanair.co.za) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make
sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 1 time(s). Error Details
System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchange ADAccess" />
<EventID Qualifiers="49156">4027</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-31T09:00:22.000000000Z" />
<EventRecordID>281983</EventRecordID>
<Channel>Application</Channel>
<Computer>NTSERV-2012.cleanair.co.za</Computer>
<Security />
</System>
<EventData>
<Data>w3wp.exe (RemotePS)</Data>
<Data>14072</Data>
<Data>Get Servers for cleanair.co.za</Data>
<Data>TopologyClientTcpEndpoint (localhost)</Data>
<Data>1</Data>
<Data>System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)</Data>
</EventData>
</Event>
Log Name: Application
Source: MsExchange BackEndRehydration
Date: 2013-01-31 11:00:28 AM
Event ID: 3002
Task Category: Requests
Level: Error
Keywords: Classic
User: N/A
Computer: NTSERV-2012.cleanair.co.za
Description:
Protocol /owa failed to process request from identity NT AUTHORITY\SYSTEM. Exception: Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint
(localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.ADSession.GetConfigurationNamingContext(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetConnection(String preferredServer, Boolean isWriteOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetReadConnection(String preferredServer, String optionalBaseDN, ADObjectId& rootId, ADRawEntry scopeDeteriminingObject, DualSearchMode dualSearchMode)
at Microsoft.Exchange.Data.Directory.ADDataSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator,
CreateObjectsDelegate arrayCreator, Boolean includeDeletedObjects)
at Microsoft.Exchange.Data.Directory.ADDataSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, Boolean includeDeletedObjects)
at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADTopologyConfigurationSession.FindLocalServer()
at Microsoft.Exchange.Data.Directory.SystemConfiguration.LocalServer.GetServer()
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.IsTokenSerializationAllowed(WindowsIdentity windowsIdentity)
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsExchange BackEndRehydration" />
<EventID Qualifiers="49156">3002</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-31T09:00:28.000000000Z" />
<EventRecordID>281991</EventRecordID>
<Channel>Application</Channel>
<Computer>NTSERV-2012.cleanair.co.za</Computer>
<Security />
</System>
<EventData>
<Data>/owa</Data>
<Data>NT AUTHORITY\SYSTEM</Data>
<Data>Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied..
---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.ADSession.GetConfigurationNamingContext(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetConnection(String preferredServer, Boolean isWriteOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetReadConnection(String preferredServer, String optionalBaseDN, ADObjectId& rootId, ADRawEntry scopeDeteriminingObject, DualSearchMode dualSearchMode)
at Microsoft.Exchange.Data.Directory.ADDataSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator,
CreateObjectsDelegate arrayCreator, Boolean includeDeletedObjects)
at Microsoft.Exchange.Data.Directory.ADDataSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, Boolean includeDeletedObjects)
at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADTopologyConfigurationSession.FindLocalServer()
at Microsoft.Exchange.Data.Directory.SystemConfiguration.LocalServer.GetServer()
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.IsTokenSerializationAllowed(WindowsIdentity windowsIdentity)
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args)</Data>
</EventData>
</Event>
Any Idea's or a direction to point me in?
Thank You
Tom