KBI 310294 Configuring Exchange 2003 Permissions

Version

Argent for Exchange 2.0A

Date

9 Jan 2012

Summary

Elevated Permissions for the Argent Service Account mailbox are required for Argent for Exchange to monitor the Microsoft Exchange Environment.

Full Exchange Administrator Permissions in certain setups may not be provided to the Argent Service Account due to internal company policy.

Technical Background

The minimum permissions required to monitor the Exchange Server and Mailboxes are

  • Exchange Organization View Only Administrator
  • Administer Information Store

Without these Exchange Permissions, Argent Monitoring for the Exchange Servers and Mailboxes will fail (Access Denied with MAPI Error 8004011d – openmsgstore failed)

Resolution

Assign the Argent Service Account the required permissions as follow:

Exchange Organization View Only Administrator

  1. Click Start -> Programs -> Microsoft Exchange -> System Manager
  2. Select Administrative Groups
  3. Right-click First Administrative Group and select Delegate Control
  4. In the Exchange Administration Delegation Wizard, click Next, and then click Add
  5. Click Browse and then select the Argent Service Account
  6. Click OK
  7. In the Role drop-down list in the Delegate Control window, select Exchange View Only Administrator
  8. Click OK to add the Argent service account to the Users and Groups list
  9. Click Next, and then click Finish

Alternatively, the Exchange Organization View Only Administrator membership can be added for the account on Active Directory.

Administer Information Store

  1. Click Start -> Programs -> Microsoft Exchange -> System Manager
  2. Select Administrative Groups -> First Administrative Group -> Servers
  3. Right-click the Microsoft Exchange Server name and then click Properties
  4. On the Security tab, select the Argent Service Account
  5. Select the following permissions from the Permissions list: Administer Information Store
  6. Click the Advanced button
  7. Verify that the Select the Allow inheritable permissions from parent to propagate to this object and all child objects option is selected
  8. Click OK