Environment: EX2k10 SP1 MBX and HubTransport Role Eventlog throws Warning: Unable to update Mailbox SD in the DS. Mailbox Guid: 85033f5e-c4f1-4d50-a3f1-eda97f0a9ac4. Error Code 0x80070005 Mailbox Guid refers to Discovery Search Mailbox Permission inheritance in AD of the according account is set. All Operations on Discovery Mailbox fail with Access denied error. Even creation of new discovery mailbox fails with following error message (Command is executed with account not being Domain Admin but member of Organization Management and Discovery Management Group) [PS] C:\Windows\system32>New-Mailbox SearchResults -Discovery -UserPrincipalName "Suchergebnisse@akd.net" Active Directory operation failed on xxxxxxxxx. This error is not retriable. Additional information: Access is d enied. Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 + CategoryInfo : NotSpecified: (0:Int32) [New-Mailbox], ADOperationException + FullyQualifiedErrorId : 5FBCF518,Microsoft.Exchange.Management.RecipientTasks.NewMailbox When trying to open Search mailbox from OWA of this user the following error is thrown: Request Url: https://xxxxxxxx:443/owa/lang.owa User host address: 10.1.0.177 User: Discovery Search Mailbox EX Address: /o=xxxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=DiscoverySearchMailbox {D919BA05-46A6-415 SMTP Address: DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}@akd.net OWA version: 14.1.218.13 Exception Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException Exception message: There was a problem accessing Active Directory. Check your network connections and try again. Call stack Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized, String destination) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.AcquireAndPreprocessUserContext(OwaContext owaContext, HttpRequest request) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.OwaRequestEventInspector.OnPostAuthorizeRequest(Object sender, EventArgs e) System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Inner Exception Exception type: Microsoft.Exchange.Data.Directory.ADOperationException Exception message: Active Directory operation failed on AKDDC003.akd.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Call stack Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException) Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties) Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() Inner Exception Exception type: System.DirectoryServices.Protocols.DirectoryOperationException Exception message: The user has insufficient access rights. Call stack System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable`1 clientSideSearchTimeout) Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException) Everything else is working correctly....

Hi These error means the permission of mailbox isn’t set properly. The first error , you can see this article. http://support.microsoft.com/kb/322308 http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/ae03c681-2b74-46ff-9881-e51f5e863a16 If these articles can’t solve your problem. You can try to reset the permission of mailbox. http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/95548147-7d9c-410c-bc6e-c6541aec0b20 This case will be useful to you.

Hi Do you have anything to update your case ?

I have tried everything of these articles: Still cannot create new discovery Mailbox with the same error as stated in my first post. Alle operations on discovery mailbox fail. eventlog errors as stated are thrown every 30 minutes P.S. this is a mixed ex2k, ex2k10 environment... Short before this error is thrown the following informational event appears: eventid 9040 Service MSExchangeMailSubmission. An exception has been handled on behalf of an assistant. A report will be sent for the following exception: Microsoft.Exchange.Assistants.AIGrayException ---> Microsoft.Exchange.Common.GrayException ---> Microsoft.Mapi.MapiExceptionPartialCompletion: MapiExceptionPartialCompletion: Unable to save watermarks. (hr=0x40680, ec=0) Diagnostic context: Lid: 1494 ---- Remote Context Beg ---- Lid: 10804 StoreEc: 0xFFFFF9BF Lid: 25094 Lid: 13710 StoreEc: 0x89B Lid: 14672 StoreEc: 0x40680 Lid: 2031 StoreEc: 0x40680 Lid: 18009 StoreEc: 0x40680 Lid: 1750 ---- Remote Context End ---- Lid: 32361 StoreEc: 0x40680 at Microsoft.Mapi.MapiExceptionHelper.ThrowIfErrorOrWarning(String message, Int32 hresult, Boolean allowWarnings, SafeExInterfaceHandle iUnknown, Exception innerException) at Microsoft.Mapi.MapiEventManager.SaveWatermarks(Watermark[] watermarks) at Microsoft.Exchange.Assistants.EventAccess.<>c__DisplayClassd.<SaveWatermarks>b__c() at Microsoft.Exchange.Assistants.EventAccess.CallEventManager(EventManagerFunction function) at Microsoft.Exchange.Assistants.EventControllerPrivate.UpdateIdleWatermarksForAssistant(Guid[] idleMailboxes, Guid assistantId) at Microsoft.Exchange.Assistants.EventControllerPrivate.DisposeOfIdleDispatchers() at Microsoft.Exchange.Assistants.EventController.<UpdateWatermarks>b__4() at Microsoft.Exchange.Assistants.Util.<>c__DisplayClass1.<CoreCatchMeIfYouCan>b__0() at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) --- End of inner exception stack trace --- at Microsoft.Exchange.Common.GrayException.ExceptionCatcher(Object exception) at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) at Microsoft.Exchange.Common.GrayException.MapAndReportGrayExceptions(UserCodeDelegate tryCode) at Microsoft.Exchange.Assistants.Util.CoreCatchMeIfYouCan(CatchMe function) at Microsoft.Exchange.Assistants.Util.CatchMeIfYouCan(CatchMe function) --- End of inner exception stack trace --- at Microsoft.Exchange.Assistants.Util.TraceAndThrow(CatchMe function, AIException aiException) at Microsoft.Exchange.Assistants.Util.CatchMeIfYouCan(CatchMe function) at Microsoft.Exchange.Assistants.Base.CatchMeIfYouCan(CatchMe function).

noone any idea?