After install of SMSMSE on a non-mailbox role Exchange server, Error Event ID 17 from source MSExchangeRBAC is logged every 24 hours.
Application event log
Source: MSExchangeRBAC
Event ID: 17
Description:
(Process w3wp.exe, PID 7604) "RBAC authorization returns Access Denied for user xxxxx/Servers/<server>. Reason: No role assignments associated with the specified user were found on Domain Controller xxxxx"
SMSMSE runs as the Local System account on non-mailbox role Exchange servers. When SMSMSE attempts to query Exchange for a list of mailboxes, RBAC denies access to the query because the Local System account does not normally have RBAC permissions to query Exchange.
This is expected on non-mailbox role servers.
Workaround
To avoid these errors, Mailbox enumeration can be disabled on non-mailbox role servers.
To disable mailbox enumeration:
1. Open the registry editor (Start -> Run, regedit).
2. Create the following DWORD if not present: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server\RefreshListTimeInMinutes.
3. Click on the Decimal radio option, then set the value to 100000000.
4. Create a new DWORD Value called “RefreshListOnStartupEnabled” and set the value to 0
5. Exit the registry editor.
6. Restart the SMSMSE service for the changes to take effect.