I've had issues whenever I provision a new Exchange server in my environment. The latest was just done last week, Exchange 2013 CU5, clean install of Windows 2012 R2. Previously, I've installed with other CUs and usually Windows 2012. All Exchange servers are in the same AD site. Full AD replication happens within 30 minutes.
Installed a new standalone MB Database server (EXMB03). CAS service is separated to another server (EXCAS01). When attempting to create a new mailbox, the mailbox would not be created and permissions issues would show up in the event log on EXMB03 indicating that EXCAS01 was attempting an operation that was not allowed. This would happen for hours.
As a desperate attempt, I ran the following line:
Get-MalboxServer EXMBX03 | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "domain\Exchange servers"
The errors stopped appearing and the mailbox was then provisioned. Everything runs well now. I've had this issue in the past and it seems I have to keep running this line every time I add a new mailbox database server.
This does not seem like normal behavior and was wondering if anyone else had run into an issue similar to this.