Urgent problem - the SeSecurityPrivilege right keeps getting reset on the Exchange Enterprise Servers group

Posted on 2005-03-09
Medium Priority
Last Modified: 2013-12-23
The SeSecurityPrivilege right keeps getting reset on the Exchange Enterprise Servers group. This stops Exchange talking to AD and the mailstores dismount a shortwhile later. When I run the Policytest tool from the exchange CD it shows "right not found" for each DC. I can easily fix this by running the exchange setup /domainprep switch which adds the right back to the group. But it keeps getting reset and I have to keep running /domainprep.
I can keep checking Policytest during the day and running /domainprep but it's not really a proper solution, and I can't stay there all night either so email can be down in the morning causing major grief.

I've run through MSoft paper ID 314294 http://support.microsoft.com/?id=314294 and switched on security auditing for domain security events in event viewer but cannot find any trace of what they are looking for in the security log.

One clue maybe that I have to run /domainprep on each DC to give it back the right to it's copy of the AD.

So I'm stuck. I know this is a really tricky one but it's driving me mad and any help you can offer would be greatly appreciated!!!
Many thanks for reading this, please help!!!!!!!
Question by:chris_wren
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 37

Expert Comment

ID: 13495343
have you noticed this sentence "When Kerberos security refresh intervals expire or Exchange services are restarted on particular servers, the issues become evident" in MKB Q314294? are you sure your refresh intervals of keberos is set well?
LVL 37

Accepted Solution

bbao earned 2000 total points
ID: 13495389
do you know this KB? see the step 3 of its resolution "..., run secedit /refreshpolicy machine_policy /enforce..."

XADM: Policytest Utility Returns 'Right NOT Found' Result

Author Comment

ID: 13496815
Cheers bbao - I deleted my default DC GPO (seemed to be stuffed up for some reason - I couldn't edit it) and created a new one with the correct SeSecurityPrivilege user settings for Exchange.
LVL 37

Expert Comment

ID: 13498021
nice to hear. glad to help. :)

Expert Comment

ID: 34312332
Life saver. My work thought it was me who removed it and had audit logs to prove it.

The issue was caused when I ran KLIST /Purge or when reseting the security policy on the DC. Probably not suppose to happen in a less hectic environment but it did in this one.

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question