You are backing up or recovering Exchange data: mailboxes or emails.
Operation fails with:
Error code: 3
Message: The account does not have permission to impersonate the requested user.
Error code: 3126
Message: SOAP protocol error has occurred while accessing the EWS server. SOAP code: ErrorImpersonateUserDenied. SOAP message: The account does not have permission to impersonate the requested user.
The user accessing the Exchange databases is not a member of the Organization Management role group and does not have sufficient privileges to back up or restore individual mailboxes or emails.
To allow this user to access mailboxes or emails for backup and recovery, configure impersonation for this user:
- Open the Exchange Management Shell. From the Start menu, choose All Programs > Microsoft Exchange Server.
- Run the New-ManagementRoleAssignment cmdlet to add the impersonation permission to the specified user. The following example shows how to configure impersonation to enable a service account to impersonate all other users in an organization.
New-ManagementRoleAssignment –name:impersonationAssignmentName –Role:ApplicationImpersonation –User:<user>
where <user> is the user you have specified to access Exchange databases
Re-attempt the operation.