Hello, I've installed Exchange 2010 SP1 on a Windows 2008 R2 server, along with the AD DS role (I know, not advised but supported). When running an up-to-date version of ExBPA, it complains about missing access rights on the C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\10ce4957-0422-459b-9f68-c6c9a150fdd5' directory for several groups : 'Enterprise Admins', 'Domain Admins', 'Admins' and 'Authenticated Users'. Though, they are correctly set : PS C:\Users\Administrateur> Get-Acl 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\10ce4957-0422-459b-9f68-c6c9a150fdd5' | fl Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\10ce4957-0422-459b-9f68-c6c9a150fdd5 Owner : BUILTIN\Administrateurs Group : AUTORITE NT\Système Access : AUTORITE NT\IUSR Deny Read AUTORITE NT\Utilisateurs authentifiés Allow Read, Synchronize AUTORITE NT\Système Allow Read, Synchronize BUILTIN\Administrateurs Allow FullControl BUILTIN\IIS_IUSRS Allow ReadAndExecute, Synchronize LPA\Administrateur Allow Read, Synchronize LPA\Admins du domaine Allow Read, Synchronize LPA\Administrateurs de l'entreprise Allow Read, Synchronize LPA\Organization Management Allow Read, Synchronize LPA\Organization Management Allow ReadAndExecute, Synchronize LPA\View-Only Organization Management Allow ReadAndExecute, Synchronize LPA\View-Only Organization Management Allow Read, Synchronize LPA\Exchange Servers Allow FullControl LPA\Exchange Trusted Subsystem Allow Read, Synchronize Any idea ? Thanks in advance ChristianChristian G.

FYI, I've added FullControl access to All, and the same errors pop out.Christian G.

From the Get-ACL command result, I cannot find the 'Enterprise Admins', 'Domain Admins', 'Admins' and 'Authenticated Users' groups. Please manually add it and assign full access permission for them. Restart the system attendent service and see if the issue persists. Thanks, Simon

Actually those are set, but the output being in French that might not be so easy to read : Enterprise Admins = LPA\Administrateurs de l'entreprise Domain Admins = LPA\Admins du domaine Authenticated Users = AUTORITE NT\Utilisateurs authentifiés ExBPA says that it might prevent users from downloading the OAB via HTTP. But I configured an Outlook profile with Outlook Anywhere and I got it fine. Maybe another of the numerous false alarms triggered by BPA ? ChristianChristian G.

Hello, as far as I know this is a known issue because BPA searches for the English group names and can't find them, so this error is generated. If you have ensured that the rights are correct and the OAB is downloadable you can safely ignore the error. Greetings, Toni

Ok, thanks for the answer Toni. Christian Christian G.