ENS: The account does not have permission to impersonate the requested user

Error/Symptom

This error is observed in the ENS logs either using SaaS or an On Premise instance of AirWatch.

The exact error is as below.

AW.Mail.Notification.Service.BusinessImpl.ExchangeSubscriber._CreateImpersonatedExchangeService 00:00:00.0030278
2015/12/18 18:45:58.950 AW-ENS f64bde65-7ae7-48a5-9d3f-678b5d2bd583 [0000000-0000000] (27) Warn AW.Mail.Notification.Service.BusinessImpl.ExchangeSubscriber Subscription Error MailBox awlab01@se.airwlab.com, Error Microsoft.Exchange.WebServices.Data.ServiceResponseException: The account does not have permission to impersonate the requested user.
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ProcessWebException(WebException webException)
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request)
at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute()
at Microsoft.Exchange.WebServices.Data.ExchangeService.SubscribeToStreamingNotifications(IEnumerable`1 folderIds, EventType[]

 

Cause

The reason we get this error is because the service account associated does not have impersonation role assigned to it.

 

Resolution

Grant the service account the impersonation role by running the command below within the Exchange Management Shell

New-ManagementRoleAssignment –name:ENSApplicationimpersonation –
Role:ApplicationImpersonation –User:<ServiceAccount>

Post this the ENS can subscribe for subscriptions from Exchange

Have more questions? Submit a request

0 Comments

Article is closed for comments.