The user who performs the data collection requires access to all of the mailboxes in the Microsoft Exchange Server. Microsoft suggests doing this by adding a non-administrator user to Microsoft Exchange Services or Microsoft Exchange Domain Servers groups. The Microsoft Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.
By default, the Exchange Domain Servers group is granted access to all Exchange public folders and mailbox stores. This group contains the computer accounts for each Exchange server within a given domain.
In some companies, however, administrators may restrict access to mailbox stores to only the local server that hosts the stores. In this situation, you need to look at the security settings for each individual Exchange Server and manually grant the data collector user the same permissions as the Exchange Domain Servers group.
If the collection process ends with an error:
Logon failure: the user has not been granted the requested logon type at this computer.
Verify that the domain user stored in CA SRM for the proxy server has all the privileges to login to the domain.
Note: Adding the data collection user to other administrative groups, such as domain administrators or enterprise administrators, does not help because these groups often which are explicit Deny access in Exchange Server.
|
Copyright © 2016 CA Technologies.
All rights reserved.
|
|