Error – “An IIS directory entry couldn’t be created. The error message is Access is denied. HResult = -2147027891 It was running the command ‘Get-Owa-VirtualDirectory’…

I was working on a customer site which has a Windows 2008 R2 domain with both Exchange 2007 SP2 and 2010 RTM running. The 2010 RTM was introduced into the 2007 SP2 environment.

Installation of 2010 RTM went fine, with no errors. But when I launched the Exchange 2010 Management Console and navigated to Server Configuration -> Client Access, an error popped up saying:

"An IIS directory entry couldn’t be created. The error message is Access is denied. HResult = -2147027891 It was running the command ‘Get-Owa-VirtualDirectory’."

My virtual directories were not listed in the interface either (the OWA, ActiveSync and OAB entries were missing).

OWA Error Co-existence

To fix the issue, check the local Administrators group on the Exchange 2007 SP2 server. In my case, I had the following listed as local admins.

Local admins on 07

If “Exchange Trusted Subsystem” is not a member of the local admins of the 2007 box, add the group.

Add Exchange Trusted Subsystem

After that, launch 2010 EMC and all should be good. You will have your virtual directories listed and no error messages!

OWA VirD Working

You DON’T have to add the Exchange 2007 server as a member of the “Exchange Trusted Subsystem” group to fix this issue.
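
The membership check and fix described above can also be scripted, which leaves a record of who is in the local Administrators group before anything changes. This is an added example, not part of the original post; it assumes the English group name `Administrators`, a placeholder NetBIOS domain name `CONTOSO`, and an elevated PowerShell session on the Exchange 2007 server.

```powershell
# Added example (not from the original post). Run elevated on the Exchange 2007 server.
param(
    [string]$Domain = 'CONTOSO',                    # placeholder NetBIOS domain name (assumption)
    [string]$Group  = 'Exchange Trusted Subsystem', # group named in the post
    [switch]$Add                                    # without -Add the script only reports
)

# Bind to the local Administrators group through the WinNT ADSI provider.
# Assumes the English group name; localized builds name this group differently.
$admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"

# Collect the ADsPath of every current member, e.g. WinNT://CONTOSO/Domain Admins
$members = @($admins.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
})

Write-Host "Members of local Administrators on $($env:COMPUTERNAME):"
$members | ForEach-Object { Write-Host "  $_" }

$target = "WinNT://$Domain/$Group"
if ($members -contains $target) {       # -contains compares case-insensitively
    Write-Host "'$Domain\$Group' is already a member; nothing to change."
}
elseif ($Add) {
    $admins.psbase.Invoke('Add', $target)
    Write-Host "Added '$Domain\$Group' to local Administrators."
}
else {
    Write-Host "'$Domain\$Group' is NOT a member. Re-run with -Add to add it."
}
```

Saved under a hypothetical name such as `Check-LocalAdmins.ps1`, run it once without `-Add` to review the current membership, then with `-Domain <your domain> -Add` to make the change.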

5 thoughts on “Error – “An IIS directory entry couldn’t be created. The error message is Access is denied. HResult = -2147027891 It was running the command ‘Get-Owa-VirtualDirectory’…”

  1. Hello, I am facing a similar issue. I have Exchange 2007, no Exchange 2010 installed. But I think the schema was updated for Exchange 2010.
    After that, I installed new Exchange 2007 servers, and whenever I try to open EMC and click on the newly installed Exchange 2007 server, I get this error. Also, this error comes only when I open EMC on my tool servers (servers with just the tools installed). If I log in to the actual servers and click, I don't get any error. Any thoughts please?

  2. Domain Controllers don't have local accounts. The domain accounts replace the local accounts when a computer is promoted to a domain controller.

    Add the domain group Administrators as a member in the Exchange Trusted Subsystem domain group.

    Open Active Directory Users and Computers, expand the domain, select 'Builtin', double-click 'Administrators', select 'Members', click 'Add…', enter 'Exchange Trusted Subsystem', click OK, click OK.

  3. Any idea what to do when the Exchange 2007 is a domain controller and you can't add Exchange Trusted Subsystem to the local administrators group?
