Exchange 2013 – Event ID 17, 23 and 258 HealthMailbox: No role Assignments

Problem

The following 3 errors are filling up the application log

Event ID 17, 23 and 258

(Process w3wp.exe, PID 6828) “RBAC authorization returns Access Denied for user domain.local/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailbox6abb348c643845acaee87941bd609e63. Reason: No role assignments associated with the specified user were found on Domain Controller dc.domain.local”

Cause

There are no roles assigned to the Default Role Assignment Policy

Verify

You can use the following command to see the roles included in the default role assignment policy:

Get-ManagementRoleAssignment -RoleAssignee ‘Default Role Assignment Policy’

eventID17-1

As you can see – no roles are returned

Solution

Add one or more roles to the Default Role Assignment Policy.

EAC > Permissions > User Roles > Default Role Assignment Policy

Select one or more roles

eventID17-2

You can then verify this from the shell

eventID17-3

Leave a Reply

Your email address will not be published. Required fields are marked *