Link to home
Start Free TrialLog in
Avatar of jmatt001
jmatt001

asked on

Failure Audit for Exchange 2003

I have the following failure audit posted in our security event log every minute after adding Exchange 2003 to our domain:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Directory Service Access
Event ID:      565
Date:            11/25/2003
Time:            8:12:15 AM
User:            NSI\NSI-EXCHANGE$
Computer:      NSISERV
Description:
Object Open:
       Object Server:      DS
       Object Type:      configuration
       Object Name:      CN=Configuration,DC=nsi,DC=local
       New Handle ID:      -
       Operation ID:      {0,54801911}
       Process ID:      296
       Primary User Name:      NSISERV$
       Primary Domain:      NSI
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      NSI-EXCHANGE$
       Client Domain:      NSI
       Client Logon ID:      (0x0,0x36D88)
       Accesses            Control Access
                  
       Privileges            -

 Properties:
DELETE
READ_CONTROL
WRITE_OWNER
ACCESS_SYS_SEC
MAX_ALLOWED
%%7691
%%7692
%%7693
            Manage Replication Topology

Cannot find anything matching on Microsoft KB.  Any ideas?

Thank you!
Jonathan

 
Avatar of chicagoan
chicagoan
Flag of United States of America image

is an older Exchange  running on a DC that is acting as a global catalogue server?
see http://support.microsoft.com/default.aspx?scid=kb;en-us;822569
Avatar of jmatt001
jmatt001

ASKER

No, this is the only Exchange server in the domain.
looks like NSI\NSI-EXCHANGE$
doesn't have proper access to AD... is NSI\NSI-EXCHANGE$ a DC?

have you run addiag?

http://www.tburke.net/info/reskittools/topics/addiag.htm
NSI-EXCHANGE$ is a member server but not a DC.

Have not run addiag.  Not familiar with it.

Thanks
chicagoan,

I have researched addiag.exe.  Could you give me a little background on your suggestion to run it?  Would I run it on the Exchange server or our DC?  What would I be looking for?

Thanks!
I'm sorry - it was late

dcdiag
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dcdiag-o.asp

DCDiag is command-line tool which analyzes the state of domain controllers in a forest or enterprise and reports any problems to assist in troubleshooting. As an end-user reporting program, DCDiag encapsulates detailed knowledge of how to identify abnormal behavior in the system.


This is how I solved the issue.  Open ADSI edit (make sure you have the configuration container in the mmc) you can get this from the support tools for win2k.  in ADSI edit open the "Configuration Container" ( if you do not see this you need to install the support tools version.  On the first sub menu of the configuration container right click and go to properties click on security tab.  I just added the group "Exchange Enterprise Servers" and gave them "manage replication topology" rights.  Hope that helps.
After doing a lot of research on this error message my self this is the correct answer to this problem.  It would be nice to keep it posted for anyone else who experiences this issue.
ASKER CERTIFIED SOLUTION
Avatar of modulo
modulo

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial