Fail to configure the maximum message size on AdSiteLink of Exchange Servers

When I perform “Set-AdSiteLink” with “MaxMessageSize” parameter in Exchange 2010 Management Shell, it failed to update the setting.

It shows the following error:

Active Directory operation failed on <Server name>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

Active directory response: 00002098: SecErr: DSIS-03150BB9, problem 4003 (INSUF_ACCESS_RIGHTS), data 0 + CategoryInfo: NotSpecified: (0:Int32) [Set-AdSiteLink], ADOperationException + FullyQualifiedErrorId: A44E1A40,Microsoft.Exchange.Management.SystemConfigurationTasks.SetAdSiteLink

To solve this problem, you need to assign the permission of “Exchange Trusted Subsystem” on the “Site-Link-Object”.

1. At a domain controller, log in as Enterprise Administrator.

2. Launch "ADSI Edit".

3. Right-click "ADSI Edit", select "Connect to".

4. Next to "Select a well known Naming Context", select "Configuration".

5. Click "OK".

6. Expand "Configuration > CN=Configuration,DC=contoso,DC=com > CN=Sites > CN=Inter-Site Transports > CN=IP".

7. Right-click "CN=IP", select "Properties".

8. Select "Security" tab, click "Advanced".

9. Click "Add".

10. Enter "Exchange Trusted Subsystem".

11. Next to "Apply to", select "Descendant Site Link objects".

12. Check "Allow - Read all properties, Write all properties and Read permissions".

13. Click "OK" three times.

14. Close "ADSI Edit".

Now, you can update the "MaxMessageSize" on "AdSiteLink".

Reference:

::::: Workaround ::::: Exchange 2010 Set-ADSiteLink -MaxMessageSize insufficient access rights

http://msexchangebygallo.wordpress.com/2011/07/06/exchange-2010-set-adsitelink-maxmessagesize-insufficient-access-rights-workaround/

This posting is provided “AS IS” with no warranties, and confers no rights!