[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

System Attendant does not have sufficient rights

Posted on 2006-06-16
18
Medium Priority
?
3,975 Views
Last Modified: 2010-02-05
Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.

I am getting this error, need Expert assistance.  Thanks guys.

0
Comment
Question by:mputnam31
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +4
18 Comments
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16921009
Hi,

Please have a look on this url from MS:

http://support.microsoft.com/?kbid=910413
You receive a "Could not start the Microsoft Exchange System Attendant service on Local Computer" error message when you try to start the Exchange System Attendant service


Event Type: Warning
Event Source: MSExchangeSA
Event Category: General
Event ID: 9157
Date:
Time:
User: N/A
Computer:
Description: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.
0
 
LVL 18

Accepted Solution

by:
amaheshwari earned 1000 total points
ID: 16921016
0
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16921059
Try this as well:

http://support.microsoft.com/kb/297295/en-us
The computer account for Exchange Server is absent
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 1

Author Comment

by:mputnam31
ID: 16921946
Tried it all... nada.
0
 
LVL 4

Expert Comment

by:mkumar23
ID: 16923136
When you try to restart the SA manualy from services mmc, what happens than.

Check your event logs for any event you may see after manual restat of SA.

Regards,

Max
0
 
LVL 4

Expert Comment

by:mkumar23
ID: 16923183
can you send the LDP dump of the service account you have for your exchange server?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16923859
If the error you are getting is different from the one posted above, can you post the full event ID message. Little difficult to diagnose otherwise.

Also post

- Exchange version, service pack and patch level
- Windows version, service pack and patch level (ie is it the latest).
- Is Exchange on SBS or a domain controller?

What account are the Exchange services running under?

Simon.
0
 
LVL 1

Author Comment

by:mputnam31
ID: 16924757
What is a ldp dump

xechange 2003
server 2003

exchange isn't on sbs or a domain controller... is that a problem?

HOw do i know which account the exchange services are running under, where do I find that info?
0
 
LVL 1

Author Comment

by:mputnam31
ID: 16924762
Event Type:     Error
Event Source:     NETLOGON
Event Category:     None
Event ID:     5719
Date:          6/16/2006
Time:          2:19:48 PM
User:          N/A
Now I get this.

Computer:     WOR-EXCH1
Description:
This computer was not able to set up a secure session with a domain controller in domain SHARKS due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16926627
Not having Exchange on a domain controller is fine. There would be concern if there was.
You can see what account services are running under in the services mmc applet (or Computer Management).

However the error above means that Exchange cannot find a domain controller.
Make sure that the Exchange server is pointing to the domain controllers ONLY for DNS. No external DNS servers should be involved.

Simon.
0
 
LVL 3

Expert Comment

by:ppuro
ID: 16927512
You can also try disjoining the exchange server from a domain. Reset the computer account in ADUC and then again rejoin the domain.

Before disjoining the domain make sure you know the local administrator password.

:)

Regards,

Prasad
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16927590
ppuro - that is BAD advice.

If you disjoin the computer from the domain that will kill Exchange.

NEVER EVER remove and Exchange server from the domain unless Exchange has been removed.

Simon.
0
 
LVL 3

Expert Comment

by:ppuro
ID: 16934959
Well Sembee I am 100 % sure that it will not at all kill exchange if it is the member server and if its been removed from the domain.It will only reset the secure channel between the DC and the member server.

Regards,

Prasad
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16935351
100% sure?

Got something from Microsoft that says you can do that?

Consider the close ties to active directory that Exchange has, it is one thing I wouldn't dream of doing to an Exchange server.

Simon.
0
 
LVL 3

Expert Comment

by:ppuro
ID: 16951839
I was working with Microsoft PSS for almost an year.... N in many of the cases I have done this without any problem because of which it resets the broken secure channel between the DC and member server.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16956129
What PSS does, and what should be said in public are two different things. That is why there are two versions of the knowledge base.

There are many things I will do with Exchange when under the guidance of PSS, which I would never tell someone to do in public on a forum where they will not have the support of PSS to ensure that it is done in the right way. There are too many things that can go wrong with removing an Exchange server from the domain - which is why it shouldn't be advised. I don't think I have seen that advise in any of the public KB articles.

Remember that this is a public forum. PSS (and MVPs like myself) have access to information that general users do not have, and as such you have to be careful about the advise that is given.

As such, I stand by my comment that your advice was bad, because it is a dangerous thing to do and should not be attempted unless you know what you are doing, the consequences, and preferably under the guidance of PSS. It would be worth the support fee to cover yourself in case Exchange does go down.

Simon.
0
 

Expert Comment

by:Marxx
ID: 22566459
This WORKAROUND is helping but...
To work around this behavior, follow these steps:
1.      Move the following groups to the default Users container:
      
"      Exchange Enterprise Servers
"      Exchange Services
"      Exchange Domain Servers

2.      Restart the System Attendant service.

IF these groups are allredy in default USER container in AD, try this:

Open Exchange Domain Servers group and look members, then remove exchange computer from this group and press APPLY (NOT OK) - then PUT exchange computer BACK to this group, press APPLY and OK.
Restart the System Attendant service and all other services that depended on this service and would'nt start.

0
 

Expert Comment

by:sulinm
ID: 24442640
We spent 7.5 hours on the phone with MS Premier. Ultimately, we simply rebooted all of our domain controllers and everything started working again. Failed over and rebooted Exchange clusters to tidy up.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question