ECP returns 403 Sorry! Access denied on some servers

Kenny M 1 Reputation point

We have a 16 server DAG balanced over two data centers that is running the latest Exchange 2019 version on Windows Server 2022.

I wish to be able to access ECP on a single server in both data centers. Both these servers are not available for the public, they are just hosting databases.

Both servers are deployed with the same deployment script, so they should be identical. Both servers have AdminEnabled:$true on the EcpVirtualDirectory settings and the settings are identical on both servers.

On one server, I can access the ECP without any problems, with the servers internal IP from a management server:

On the other server, I am NOT able to access ECP, even though it's the exact same user. I just get a:

Sorry! Access denied :(
You don't have permission to open this page. If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.
You're still signed in. If you want to sign out, use the link below.

I also have an old Exchange 2016 server in the domain, not hosting any databases or client connections. Here the ECP works fine as well, when connecting to the servers internal IP. I want to make sure that I have more than one server where I can reach ECP before I decommission this 2016 server.

What could cause this and what could a solution be?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,383 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. LilyLi2-MSFT 1,981 Reputation points

    Hi @Kenny M ,

    Welcome to our forum.

    Typically, this issue occurs if a computer object is added to a group that is denied the ms-Exch-EPI-Token-Serialization user right.
    To resolve this issue, please remove the computer object from the restricted group.
    For more details, please refer to: error-occur-ems-eac-owa

    If the above suggestions do not work, the following similar threads hope to help you.

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Amit Singh 4,851 Reputation points

    Open exchange management shell with run as administrator
    Run the following command

    Set-CASMailbox -id USERemail -ECPEnabled $True  

    Try to log in again, and it should have been resolved.