I’ve been busily rolling out Exchange 2013 SP1 at work and I’ve finally gotten to the stage where I can start migrating mailboxes over. Lo and behold, the fourth mailbox moved over had a strange issue whilst trying to access OWA:

1
2
3
4
5
6
7
8
9
something went wrong
Sorry, we can't get that information right now. Please try again later. If the problem persists, contact your helpdesk.
X-OWA-Error: Microsoft.Exchange.Security.Authentication.TokenMungingException
X-OWA-Version: 15.0.847.32
X-FEServer: MAIL2013-1
X-BEServer: Mail2013-2
Date: 28/04/2014 11:35:42 AM

It turns out that some users had a “LinkedMasterAccount” attribute set to “NT AUTHORITY\SELF” that didn’t need to be. The script to check all users with this attribute set:

1
Get-User -ResultSize unlimited | where {$_.linkedmasteraccount -eq "NT AUTHORITY\SELF" -and $_.recipienttypedetails -ne "RoomMailbox" -and $_.recipienttypedetails -ne "Equipmentmailbox" -and $_.recipienttypedetails -ne "DiscoveryMailbox"} | select name | ft

This will spit out all accounts that aren’t room, equipment or discovery mailboxes with the LinkedMasterAccount set to “NT AUTHORITY\SELF”. From there, you can change it to $null with:

1
Set-User -Identity <user> -LinkedMasterAccount $null

After setting this the user was able to log in.