Share via

Exchange 2010 Troubleshooting: CAS – Access is denied error -2147024891

  • Article

Error 

Message

An IIS directory entry couldn’t be created. The error message is Access is denied.

. HResult = -2147024891

After installing Exchange 2010 server in an Exchange 2007 server environment may get some funny error results.

After the installation Exchange 2010 , open the Exchange management console, you nee to go to Microsoft Exchange On-Premises -> ServerConfiguration -> Client Access and here you will receive the following error message.

http://telnet25.files.wordpress.com/2010/02/image_thumb.png?w=441&h=221

PowerShell

So let run the “Get-OwaVirtualDirectory” in powershell and you will get the following result

[PS] C:\Windows\system32>Get-OwaVirtualDirectory

An IIS directory entry couldn’t be created. The error message is Access is denied.

. HResult = -2147024891

+ CategoryInfo : NotInstalled: (<ExchangeServer2007>\Exchange (Default Web Site):ADObjectId) [Get-OwaVirtualDirectory]

, IISGeneralCOMException

+ FullyQualifiedErrorId : 4B12EB5D,Microsoft.Exchange.Management.SystemConfigurationTasks.GetOwaVirtualDirectory

Background

Above command reads the Active Directory objects to see all the registered OWA virtual directories. The virtual directories you retrieve are the virtual directories from Exchange 2010, but also from Exchange 2007. Next it connects to these directories and needs admin rights. This is the problem. Exchange 2010 creates a few new groups and one of them is Exchange Trusted Subsystem. Exchange Trusted Subsystem is automatically added to the local administrators group of the Exchange 2010 server but not on the Exchange 2007 servers.

Resolution

All you need to do is add the Exchange Trusted Subsystem to the local administrators group on the Exchange 2007 CAS servers and restart the server, including the new 2010 H&C Server.

Now run the “Get-OwaVirtualDirectory” in powershell we see:

[PS] C:\Windows\system32>Get-OwaVirtualDirectory

Name Server OwaVersion

—- —— ———-

Exchange (Default Web Site) <ExchangeServer2007> Exchange2003or2000

Public (Default Web Site) <ExchangeServer2007> Exchange2003or2000

Exadmin (Default Web Site) <ExchangeServer2007> Exchange2003or2000

owa (Default Web Site) <ExchangeServer2010> Exchange2010