Jump to content


Photo

The account does not have permission to impersonate the requested user.


  • Please log in to reply
4 replies to this topic

#1 NeverAgain

NeverAgain

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 29 January 2018 - 07:02 PM

Not able to fully set up Remote Controll.

I logged into Account Lockout Examiner with USER1. This use has domain admin permissions. DC is reporting and am able to unlock/reset or examine any accounts. 

I have set up notifications and am getting the emails when someone gets locked out. For Remote Controll I have created a new user USER2. USER1 has full access to USER2 mailbox. 

Do I have this configured incorrectly? Should it be the other way around USER2 should have full access to USER1?

Thanks for your help. 

 

 

ALEService.exe Information: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: ADNServ.ExchangeServerVersion: Version 15.0 (Build 31130.7)
ALEService.exe Information: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: ADNServ.ExchangeServerSite: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fco,DC=com
ALEService.exe Information: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: ADNServ.ExchangeServerRoles have ExchangeServerRoles.ClientAccess Role
ALEService.exe Information: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: FindFirstValidURL, try connect to the server: CAS1
ALEService.exe Information: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: FindFirstValidURL, complite; server: CAS1
ALEService.exe Warning: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: System.Web.Services.Protocols.SoapException: The account does not have permission to impersonate the requested user.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at ESB2013.ExchangeServiceBinding.FindFolder(FindFolderType FindFolder1)
   at ALService.RemoteControl.Listeners.MSExchange.ExchSoap13MailBox.get_Folders()
   at ALService.RemoteControl.Listeners.ExchangeServerListener.GetMessages(RemoteControlSettings settings)
   at ALService.RemoteControl.Listeners.DefaultMessageListener`1.OnDoWork(DoWorkEventArgs e)
ALEService.exe Information: 0 : [TID: 36, Time: 1/29/2018 1:43:34 PM] REMOTE CONTROL: Listener will be restarted after 00:01:00 minutes


#2 AndreyK

AndreyK

    Member

  • Members
  • PipPip
  • 10 posts

Posted 30 January 2018 - 03:07 PM

Hello,

 

FullAccess rights might be insufficient in this case: https://www.netwrix.com/kb/1560 

Please make USER1 the Owner of the USER2 mailbox:

 

Add-MailboxPermission -Identity "USER2" -Owner "USER1"

 

Let me know if this worked.



#3 NeverAgain

NeverAgain

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 30 January 2018 - 06:34 PM

Thank you for the suggestions but that did not work for me. I made USER1 the owner of the USER2 mailbox.

I also followed the KB1560 and made sure everything is setup correctly. 

 

Still getting the same message:

ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:28:42 PM] REMOTE CONTROL: Listener will be restarted after 00:01:00 minutes
ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:29:42 PM] REMOTE CONTROL: ADNServ.ExchangeServerVersion: Version 15.0 (Build 31130.7)
ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:29:42 PM] REMOTE CONTROL: ADNServ.ExchangeServerSite: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fco,DC=com
ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:29:42 PM] REMOTE CONTROL: ADNServ.ExchangeServerRoles have ExchangeServerRoles.ClientAccess Role
ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:29:42 PM] REMOTE CONTROL: FindFirstValidURL, try connect to the server: CAS1
ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:29:42 PM] REMOTE CONTROL: FindFirstValidURL, complite; server: CAS1
ALEService.exe Warning: 0 : [TID: 52, Time: 1/30/2018 1:29:43 PM] REMOTE CONTROL: System.Web.Services.Protocols.SoapException: The account does not have permission to impersonate the requested user.
ALEService.exe Information: 0 : [TID: 52, Time: 1/30/2018 1:29:43 PM] REMOTE CONTROL: Listener will be restarted after 00:01:00 minutes
 
 
Thanks 


#4 NeverAgain

NeverAgain

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 30 January 2018 - 06:47 PM

When I use my own username (account that is logged in to Account Lockout Examiner ) as the Remote access account I don't get the permission error since is it's my mailbox but get other errors. 

 

ALEService.exe Information: 0 : [TID: 53, Time: 1/30/2018 1:41:00 PM] REMOTE CONTROL: Start listening USER1
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:41:01 PM] REMOTE CONTROL: ADNServ.ExchangeServerVersion: Version 15.0 (Build 31130.7)
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:41:01 PM] REMOTE CONTROL: ADNServ.ExchangeServerSite: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fco,DC=com
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:41:01 PM] REMOTE CONTROL: ADNServ.ExchangeServerRoles have ExchangeServerRoles.ClientAccess Role
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:41:01 PM] REMOTE CONTROL: FindFirstValidURL, try connect to the server: CAS1
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:41:01 PM] REMOTE CONTROL: FindFirstValidURL, complite; server: CAS1
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:41:27 PM] REMOTE CONTROL: Cannot resolve 'from'
ALEService.exe Warning: 0 : [TID: 39, Time: 1/30/2018 1:41:27 PM] REMOTE CONTROL: System.ArgumentException: The parameter 'address' cannot be an empty string.
ALEService.exe Warning: 0 : [TID: 39, Time: 1/30/2018 1:43:07 PM] REMOTE CONTROL: System.ArgumentException: An item with the same key has already been added.
ALEService.exe Information: 0 : [TID: 39, Time: 1/30/2018 1:43:07 PM] REMOTE CONTROL: Listener will be restarted after 00:01:00 minutes
 
Thank you, 
Simion 


#5 NeverAgain

NeverAgain

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 30 January 2018 - 09:06 PM

Thank you for all your help. I was able to figure out the problem. 

I had full access and was the owner ow the "Remote control" mailbox. To fix the "The account does not have permission to impersonate the requested user." I had to create an impersonation Role in exchange, full access and being the owner was not enough.

 

Thank again, 

Simion 

 

Exchange server used: Exchange 2013 






0 user(s) are reading this topic

0 members, guests, anonymous users