Recently I ran into a strange issue that took a bit of digging to figure out. At a client site I was trying to log into their two multi-role Exchange 2013 servers. The first login went fine, but the login for the second server failed with the error: "User Profile Service Failed the Sign-In". The fix was a little weird and possibly unique to Exchange 2013.
My initial thought (and a quick Google search) was that the Default profile on the server was corrupt. That would definitely explain why it was unable to log me in, but others were able to log in without issue (provided they already had a profile on the server). With that reasoning, I copied the Default profile from the other Exchange 2013 server over. That did not fix the issue.
Then I looked into the event logs and found this event:
Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\Exchange Server\v15\Configuration10408_100.sqm to location \\?\C:\Users\TEMP\AppData\Local\Microsoft\Exchange Server\v15\Configuration10408_100.sqm. This error may be caused by network problems or insufficient security rights.
DETAIL - Access is denied.
I checked the file, and the permissions were set to give Administrators and System full access and no one else. Trying to copy this file without elevated permissions would fail. What's stranger is that the other Exchange 2013 server did not even have this file in its Default profile, which is why copying over the profile folder didn't fix the issue. I didn't want to delete the sqm file, so instead I granted the Users group Read and Execute access.
Voila! I could log in without issue.
Labels: Exchange 2013, Windows Server 2012