Exchange 2013: users can not login to OWA & outlook, Only administrator (domain\administrator) can login to OWA & outlook. Event viewer points to RBAC

Setup details

Newly installed

Exchange 2013 sp1 cu9

Microsoft Windows Server 2008 R2 Standard SP1

Issue: Users can not login to OWA & outlook, Only administrator (domain\administrator)  can login to OWA & outlook.

Errors:

Event ID; 15 

Source: MSExchange RBAC

(Process w3wp.exe, PID 9696) "RBAC authorization returns Access Denied for user S-1-5-21-1638150355-3439293087-3538241838-1144. Reason: Call to NativeMethods.AuthzInitializeContextFromSid() failed when initializing the ClientSecurityContext. Exception: Microsoft.Exchange.Security.Authorization.AuthzException: AuthzInitializeContextFromSid failed for User SID: S-1-5-21-1638150355-3439293087-3538241838-1144. ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Security.Authorization.ClientSecurityContext.InitializeContextFromSecurityAccessToken(AuthzFlags flags)
   at Microsoft.Exchange.Security.Authorization.ClientSecurityContext..ctor(ISecurityAccessToken securityAccessToken, AuthzFlags flags)
   at Microsoft.Exchange.Security.Authentication.GenericSidIdentity.CreateClientSecurityContext()
   at Microsoft.Exchange.Security.Authentication.IIdentityExtensions.GetAccessToken(IIdentity identity)
   at Microsoft.Exchange.Security.Authentication.IIdentityExtensions.GetGroupSIDs(IIdentity identity)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.GetGroupAccountsSIDs(IIdentity logonIdentity). "

Event id: 23

Source: MSExchange RBAC

(Process w3wp.exe, PID 9696) "Exchange AuthZPlugin Fails to finish method GetApplicationPrivateData due to application exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The operation couldn't be performed because 'S-1-5-21-1638150355-3439293087-3538241838-1144' couldn't be found.
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.GetGroupAccountsSIDs(IIdentity logonIdentity)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration..ctor(IIdentity logonIdentity, IIdentity impersonatedIdentity, ExchangeRunspaceConfigurationSettings settings, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, Boolean callerCheckedAccess, Boolean isPowerShellWebService, Boolean noCmdletAllowed, SnapinSet snapinSet)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeExpiringRunspaceConfiguration..ctor(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, Boolean isPowerShellWebService)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.GetInitialSessionStateCore(PSSenderInfo senderInfo)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.<>c__DisplayClass4.<GetApplicationPrivateData>b__3()
   at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.HandleExceptionAndRetry[T](String methodName, Func`1 func, Boolean throwException, T defaultReturnValue)."

Event id: 258

Source: MSExchange RBAC

(Process 9696, PID w3wp.exe)"RemotePS Public API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The operation couldn't be performed because 'S-1-5-21-1638150355-3439293087-3538241838-1144' couldn't be found.
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration.GetGroupAccountsSIDs(IIdentity logonIdentity)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeRunspaceConfiguration..ctor(IIdentity logonIdentity, IIdentity impersonatedIdentity, ExchangeRunspaceConfigurationSettings settings, IList`1 roleTypeFilter, List`1 sortedRoleEntryFilter, IList`1 logonUserRequiredRoleTypes, Boolean callerCheckedAccess, Boolean isPowerShellWebService, Boolean noCmdletAllowed, SnapinSet snapinSet)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeExpiringRunspaceConfiguration..ctor(IIdentity identity, ExchangeRunspaceConfigurationSettings settings, Boolean isPowerShellWebService)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.GetInitialSessionStateCore(PSSenderInfo senderInfo)
   at Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin.<>c__DisplayClass4.<GetApplicationPrivateData>b__3()
   at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.HandleExceptionAndRetry[T](String methodName, Func`1 func, Boolean throwException, T defaultReturnValue)
   at Microsoft.Exchange.Configuration.Authorization.AuthZLogHelper.<>c__DisplayClassc`1.<ExecuteWSManPluginAPI>b__8()
   at Microsoft.Exchange.Diagnostics.CmdletInfra.Diagnostics.ExecuteAndLog[T](String funcName, Boolean missionCritical, LatencyTracker latencyTracker, ExEventLog eventLog, EventTuple eventTuple, Trace tracer, IsExceptionInteresting isExceptionInteresting, Action`1 onError, T defaultReturnValue, Func`1 func). fails with Exception %4 ."