Exchange RPC Client Access service won’t start…

Posted by in Exchange, PowerShell

I was asked to go and look at a new Exchange 2010 implementation today as they couldn’t get Outlook to connect. It was a single server implementation with all roles on one box but the first thing I noticed was that the Exchange RPC Client Access service was not started. Starting it just resulted in it stopping immediately.

After looking in the Application log I found an error with Event ID 1002 MSExchangeRPC:

Failed to register service principal name ExchangeMDB. Failed with error code Access is denied (5).

After a bit of googling I found the following ExpertsExchange article (http://ellis.li/PMLtUM) and it led to the following Powershell command which resolved the issue:

Add-ADPermission -Identity "CN=ServerName,OU=OUName,DC=Domain,DC=Local" 
-User "ServerName$" -AccessRights WriteProperty -Properties "Validated-SPN"

Note: Remember to put the ‘$’ after the ServerName for the -User attribute.

Also, when trying to perform this command in the Exchange shell it gave me an “Access Denied” error. To get it to correctly apply I had to do this:

1. Load up the regular Powershell command-line console.
2. Type ImportSystemModules and hit Enter. This will load a crap load of system libraries.
3.  Then type the command above and it should allow you to run it.