jmatt001
asked on
Failure Audit for Exchange 2003
I have the following failure audit posted in our security event log every minute after adding Exchange 2003 to our domain:
Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 11/25/2003
Time: 8:12:15 AM
User: NSI\NSI-EXCHANGE$
Computer: NSISERV
Description:
Object Open:
Object Server: DS
Object Type: configuration
Object Name: CN=Configuration,DC=nsi,DC=local
New Handle ID: -
Operation ID: {0,54801911}
Process ID: 296
Primary User Name: NSISERV$
Primary Domain: NSI
Primary Logon ID: (0x0,0x3E7)
Client User Name: NSI-EXCHANGE$
Client Domain: NSI
Client Logon ID: (0x0,0x36D88)
Accesses Control Access
Privileges -
Properties:
DELETE
READ_CONTROL
WRITE_OWNER
ACCESS_SYS_SEC
MAX_ALLOWED
%%7691
%%7692
%%7693
Manage Replication Topology
Cannot find anything matching on Microsoft KB. Any ideas?
Thank you!
Jonathan
ASKER
No, this is the only Exchange server in the domain.
Looks like NSI\NSI-EXCHANGE$ doesn't have proper access to AD... Is NSI\NSI-EXCHANGE$ a DC?
Have you run addiag?
http://www.tburke.net/info/reskittools/topics/addiag.htm
ASKER
NSI-EXCHANGE$ is a member server but not a DC.
Have not run addiag. Not familiar with it.
Thanks
ASKER
chicagoan,
I have researched addiag.exe. Could you give me a little background on your suggestion to run it? Would I run it on the Exchange server or our DC? What would I be looking for?
Thanks!
I'm sorry - it was late
dcdiag
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dcdiag-o.asp
DCDiag is a command-line tool which analyzes the state of domain controllers in a forest or enterprise and reports any problems to assist in troubleshooting. As an end-user reporting program, DCDiag encapsulates detailed knowledge of how to identify abnormal behavior in the system.
This is how I solved the issue. Open ADSI Edit (make sure you have the configuration container in the MMC); you can get this from the support tools for Win2k. In ADSI Edit, open the "Configuration Container" (if you do not see this, you need to install the support tools version). On the first submenu of the configuration container, right-click and go to Properties, then click on the Security tab. I just added the group "Exchange Enterprise Servers" and gave them "Manage Replication Topology" rights. Hope that helps.
After doing a lot of research on this error message myself, this is the correct answer to this problem. It would be nice to keep it posted for anyone else who experiences this issue.
ASKER CERTIFIED SOLUTION
see http://support.microsoft.com/default.aspx?scid=kb;en-us;822569
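An added example, not written by anyone in this thread and not a Microsoft tool: a short Python triage script that parses Event 565 description text and counts which account is being denied which control access right on which object, so the recurring audit can be tied to one missing permission before any ACL is changed. The sample events are constructed from the event in the question, and the split of the Properties lines into generic rights, unresolved %%NNNN placeholders and named control access rights is an assumption of this example.

```python
import re
from collections import Counter
# Constructed sample: the event text from the question, repeated one minute apart.
EVENT_TEMPLATE = """Event Type: Failure Audit
Event ID: 565
Time: {time}
Object Name: CN=Configuration,DC=nsi,DC=local
Client User Name: NSI-EXCHANGE$
Client Domain: NSI
Accesses Control Access
Properties:
DELETE
READ_CONTROL
WRITE_OWNER
ACCESS_SYS_SEC
MAX_ALLOWED
%%7691
%%7692
%%7693
Manage Replication Topology
"""
SAMPLE_EVENTS = [EVENT_TEMPLATE.format(time=t) for t in ("8:12:15 AM", "8:13:15 AM")]
# Assumption of this example: these Properties lines are generic access names.
GENERIC_RIGHTS = {"DELETE", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER", "SYNCHRONIZE", "ACCESS_SYS_SEC", "MAX_ALLOWED"}
UNRESOLVED = re.compile(r"%%\d+")  # placeholders the log viewer left unexpanded

def parse_565(text):
    """Extract the triage-relevant fields from one Event 565 description."""
    fields, props, in_props = {}, [], False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if in_props:
            props.append(line)            # everything after "Properties:" is one right per line
        elif line == "Properties:":
            in_props = True
        elif ":" in line:
            key, _, value = line.partition(":")   # split on the first colon only (times contain colons)
            fields[key.strip()] = value.strip()
    return {
        "failure": fields.get("Event Type") == "Failure Audit" and fields.get("Event ID") == "565",
        "client": f'{fields.get("Client Domain", "?")}\\{fields.get("Client User Name", "?")}',
        "object": fields.get("Object Name", "?"),
        "unresolved": [p for p in props if UNRESOLVED.fullmatch(p)],
        "control_rights": [p for p in props if p not in GENERIC_RIGHTS and not UNRESOLVED.fullmatch(p)],
    }

def summarize(events):
    """Count failure audits per (account, object, named control access right)."""
    parsed = [e for e in map(parse_565, events) if e["failure"]]
    return Counter((e["client"], e["object"], r) for e in parsed for r in e["control_rights"])
```

On the sample, `summarize(SAMPLE_EVENTS)` reports two failures for NSI\NSI-EXCHANGE$ requesting Manage Replication Topology on the Configuration container, which is the right the ADSI Edit answer grants to Exchange Enterprise Servers.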