Exchange 2010 Troubleshooting: CAS – Access is denied error -2147024891
Error
Message
An IIS directory entry couldn’t be created. The error message is Access is denied.
. HResult = -2147024891
After installing Exchange 2010 server in an Exchange 2007 server environment may get some funny error results.
After the installation Exchange 2010 , open the Exchange management console, you nee to go to Microsoft Exchange On-Premises -> ServerConfiguration -> Client Access and here you will receive the following error message.
http://telnet25.files.wordpress.com/2010/02/image_thumb.png?w=441&h=221
PowerShell
So let run the “Get-OwaVirtualDirectory” in powershell and you will get the following result
[PS] C:\Windows\system32>Get-OwaVirtualDirectory
An IIS directory entry couldn’t be created. The error message is Access is denied.
. HResult = -2147024891
+ CategoryInfo : NotInstalled: (<ExchangeServer2007>\Exchange (Default Web Site):ADObjectId) [Get-OwaVirtualDirectory]
, IISGeneralCOMException
+ FullyQualifiedErrorId : 4B12EB5D,Microsoft.Exchange.Management.SystemConfigurationTasks.GetOwaVirtualDirectory
Background
Above command reads the Active Directory objects to see all the registered OWA virtual directories. The virtual directories you retrieve are the virtual directories from Exchange 2010, but also from Exchange 2007. Next it connects to these directories and needs admin rights. This is the problem. Exchange 2010 creates a few new groups and one of them is Exchange Trusted Subsystem. Exchange Trusted Subsystem is automatically added to the local administrators group of the Exchange 2010 server but not on the Exchange 2007 servers.
Resolution
All you need to do is add the Exchange Trusted Subsystem to the local administrators group on the Exchange 2007 CAS servers and restart the server, including the new 2010 H&C Server.
Now run the “Get-OwaVirtualDirectory” in powershell we see:
[PS] C:\Windows\system32>Get-OwaVirtualDirectory
Name Server OwaVersion
—- —— ———-
Exchange (Default Web Site) <ExchangeServer2007> Exchange2003or2000
Public (Default Web Site) <ExchangeServer2007> Exchange2003or2000
Exadmin (Default Web Site) <ExchangeServer2007> Exchange2003or2000
owa (Default Web Site) <ExchangeServer2010> Exchange2010