Getting error: "the account does not have permission to impersonate the requested user" even though I have impersonation access


Problem description

I have a Windows Service which listens to On-Premise Exchange mailboxes using EWS with Impersonation Access.

I have one Admin User (Service Account) which has Impersonation Access, and I have configured the same user for my Windows Service Logon.

I am using NTLM Authentication in C#.Net to log in and impersonate the mailbox. When I start my Windows service and try to impersonate the mailbox, I get the following error even though my service account has Impersonation Access.




"Error While initial sync for mailbox SCHEDTEST91@SCHED2010.COM. Exception: Microsoft.Exchange.WebServices.Data.ServiceResponseException: The account does not have permission to impersonate the requested user.
   at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ProcessWebException(WebException webException)
   at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
   at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request)
   at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute()
   at SXA.ES.EWSNotificationListenerService.NotificationListener.NotificationSynchronizerBase.GetCurrentSyncState(String smtpAddress, String autodiscoverUrl)"







The surprising part is that this issue is happening on specific Virtual Machines where my Windows Service is hosted.

I have 4 Virtual Machines in total. On 2 of them the Windows Service works fine and is able to impersonate the mailbox, but the other 2, with the same configuration and the same setup, have the above-mentioned error.

I searched Google a lot for this issue and could not find any post.

I am seeking help here to address this issue. Please let me know if anyone has come across the same issue while working with EWS in C#.Net and has a solution for it.

Note: If I use Basic Authentication here, it works fine on these 2 VMs as well; this issue happens with NTLM Windows Authentication only.






What I have tried:

1. Tried restarting the VMs.
2. Tried to debug the code by providing Basic Authentication instead of NTLM; with Basic Authentication it works fine. It looks like the problem is only with NTLM on specific VMs.
3. Tried removing the Windows Service from the tray and re-installing it.

Recommended answer

Wild guess here. Is there a service that has not been started/installed on the failing vm?


I have investigated further and found the root cause of this issue; see the details below and how to fix it.

1. I had installed Outlook and configured an email account (a user email account that does not have Impersonation Access) on the VM where I was facing the issue. Upon restarting Outlook right after the email account configuration, it prompted a dialog for credentials. There I entered the user name and password, checked the "Remember my credentials" check box, and clicked OK.

2. Now if you go to Control Panel\User Accounts\Credential Manager, you will see two entries in the Windows Credentials section: one for the Exchange Server network address (ABCEXCHANGESERVER.DOMAIN.COM) with the same user name as the one you configured in Outlook, and another separate entry for the same user name as Windows Identity.

3. When I removed the Exchange Server network address (ABCEXCHANGESERVER.DOMAIN.COM) entry from Control Panel\User Accounts\Credential Manager, this issue got resolved.

4. As per my understanding, ABCEXCHANGESERVER.DOMAIN.COM is the Exchange server domain/network address in our case and is used by both EWS and Outlook when accessing mailboxes. So when we configure a mailbox in Outlook and check the "Remember my credentials" check box on the credentials dialog, it caches credentials in Credential Manager for Exchange calls to ABCEXCHANGESERVER.DOMAIN.COM as well as for the mailbox profile. Now when our service tries to call ABCEXCHANGESERVER.DOMAIN.COM using NTLM, it first checks the credentials cache for the ABCEXCHANGESERVER.DOMAIN.COM network/domain address, and if any entry is found there, it always uses the cached credentials instead of our service logon credentials.

5. If anyone is facing the same issue, just clear the Exchange Server network address entry from Control Panel\User Accounts\Credential Manager, and this issue will get resolved.

My suggestion is to avoid configuring Outlook on the VM. How this will help.
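
The Credential Manager check from the answer above, as an added example that is not part of the original thread: it lists stored Windows credentials whose target covers the EWS host and shows whether the stored user differs from the current logon. It assumes English-language `cmdkey /list` output and uses the answer's placeholder host name; `ConvertFrom-CmdkeyList` is a helper name made up for this example.

```powershell
# Added example, not from the original thread. Run it AS THE SERVICE ACCOUNT:
# Credential Manager entries are stored per Windows user.
$EwsHost = 'ABCEXCHANGESERVER.DOMAIN.COM'   # placeholder host from the answer

function ConvertFrom-CmdkeyList {
    # Turn "cmdkey /list" text into objects (English output labels assumed).
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            if ($entry) { $entry }            # emit the previous, completed entry
            $entry = [pscustomobject]@{ Target = $Matches[1]; Type = ''; User = '' }
        } elseif ($entry -and $line -match '^\s*Type:\s*(.+?)\s*$') {
            $entry.Type = $Matches[1]
        } elseif ($entry -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $entry.User = $Matches[1]
        }
    }
    if ($entry) { $entry }
}

$logon  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$stored = @(ConvertFrom-CmdkeyList -Lines (cmdkey /list))

$hits = foreach ($c in $stored) {
    # Targets look like "Domain:target=<name>"; <name> may be a wildcard (*.domain.com).
    $name = $c.Target -replace '^.*?target=', ''
    # Build an anchored regex from the stored name, treating only "*" as a wildcard.
    $rx = '^' + ([regex]::Escape($name) -replace '\\\*', '.*') + '$'
    if ($EwsHost -match $rx) {
        [pscustomobject]@{
            TargetName   = $name
            Type         = $c.Type
            StoredUser   = $c.User
            ServiceLogon = $logon
            Differs      = ($c.User -ne $logon)   # DOMAIN\user vs user@domain also counts
        }
    }
}

if ($hits) { $hits | Format-List }
else { "No stored credential targets $EwsHost for $logon." }
```

Any entry reported with `Differs : True` is the kind of cached credential the answer removed through Control Panel\User Accounts\Credential Manager.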

