Saturday, November 26, 2011

Fail to configure the maximum message size on AdSiteLink of Exchange Servers

When I perform “Set-AdSiteLink” with “MaxMessageSize” parameter in Exchange 2010 Management Shell, it failed to update the setting.

It shows the following error:

Active Directory operation failed on <Server name>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSIS-03150BB9, problem 4003 (INSUF_ACCESS_RIGHTS), data 0 + CategoryInfo: NotSpecified: (0:Int32) [Set-AdSiteLink], ADOperationException + FullyQualifiedErrorId: A44E1A40,Microsoft.Exchange.Management.SystemConfigurationTasks.SetAdSiteLink

To solve this problem, you need to assign the permission of “Exchange Trusted Subsystem” on the “Site-Link-Object”.

1. At a domain controller, log in as Enterprise Administrator.
2. Launch "ADSI Edit".
3. Right-click "ADSI Edit", select "Connect to".
4. Next to "Select a well known Naming Context", select "Configuration".

5. Click "OK".
6. Expand "Configuration > CN=Configuration,DC=contoso,DC=com > CN=Sites > CN=Inter-Site Transports > CN=IP".
7. Right-click "CN=IP", select "Properties".
8. Select "Security" tab, click "Advanced".

9. Click "Add".
10. Enter "Exchange Trusted Subsystem".
11. Next to "Apply to", select "Descendant Site Link objects".
12. Check "Allow - Read all properties, Write all properties and Read permissions".

13. Click "OK" three times.
14. Close "ADSI Edit".

Now, you can update the "MaxMessageSize" on "AdSiteLink".

::::: Workaround ::::: Exchange 2010 Set-ADSiteLink -MaxMessageSize insufficient access rights

No comments:

Post a Comment