Solved

System Attendant does not have sufficient rights

Posted on 2006-06-16
18
3,905 Views
Last Modified: 2010-02-05
Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.

I am getting this error, need Expert assistance.  Thanks guys.

0
Comment
Question by:mputnam31
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +4
18 Comments
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16921009
Hi,

Please have a look on this url from MS:

http://support.microsoft.com/?kbid=910413
You receive a "Could not start the Microsoft Exchange System Attendant service on Local Computer" error message when you try to start the Exchange System Attendant service


Event Type: Warning
Event Source: MSExchangeSA
Event Category: General
Event ID: 9157
Date:
Time:
User: N/A
Computer:
Description: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.
0
 
LVL 18

Accepted Solution

by:
amaheshwari earned 250 total points
ID: 16921016
0
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16921059
Try this as well:

http://support.microsoft.com/kb/297295/en-us
The computer account for Exchange Server is absent
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:mputnam31
ID: 16921946
Tried it all... nada.
0
 
LVL 4

Expert Comment

by:mkumar23
ID: 16923136
When you try to restart the SA manualy from services mmc, what happens than.

Check your event logs for any event you may see after manual restat of SA.

Regards,

Max
0
 
LVL 4

Expert Comment

by:mkumar23
ID: 16923183
can you send the LDP dump of the service account you have for your exchange server?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16923859
If the error you are getting is different from the one posted above, can you post the full event ID message. Little difficult to diagnose otherwise.

Also post

- Exchange version, service pack and patch level
- Windows version, service pack and patch level (ie is it the latest).
- Is Exchange on SBS or a domain controller?

What account are the Exchange services running under?

Simon.
0
 
LVL 1

Author Comment

by:mputnam31
ID: 16924757
What is a ldp dump

xechange 2003
server 2003

exchange isn't on sbs or a domain controller... is that a problem?

HOw do i know which account the exchange services are running under, where do I find that info?
0
 
LVL 1

Author Comment

by:mputnam31
ID: 16924762
Event Type:     Error
Event Source:     NETLOGON
Event Category:     None
Event ID:     5719
Date:          6/16/2006
Time:          2:19:48 PM
User:          N/A
Now I get this.

Computer:     WOR-EXCH1
Description:
This computer was not able to set up a secure session with a domain controller in domain SHARKS due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16926627
Not having Exchange on a domain controller is fine. There would be concern if there was.
You can see what account services are running under in the services mmc applet (or Computer Management).

However the error above means that Exchange cannot find a domain controller.
Make sure that the Exchange server is pointing to the domain controllers ONLY for DNS. No external DNS servers should be involved.

Simon.
0
 
LVL 3

Expert Comment

by:ppuro
ID: 16927512
You can also try disjoining the exchange server from a domain. Reset the computer account in ADUC and then again rejoin the domain.

Before disjoining the domain make sure you know the local administrator password.

:)

Regards,

Prasad
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16927590
ppuro - that is BAD advice.

If you disjoin the computer from the domain that will kill Exchange.

NEVER EVER remove and Exchange server from the domain unless Exchange has been removed.

Simon.
0
 
LVL 3

Expert Comment

by:ppuro
ID: 16934959
Well Sembee I am 100 % sure that it will not at all kill exchange if it is the member server and if its been removed from the domain.It will only reset the secure channel between the DC and the member server.

Regards,

Prasad
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16935351
100% sure?

Got something from Microsoft that says you can do that?

Consider the close ties to active directory that Exchange has, it is one thing I wouldn't dream of doing to an Exchange server.

Simon.
0
 
LVL 3

Expert Comment

by:ppuro
ID: 16951839
I was working with Microsoft PSS for almost an year.... N in many of the cases I have done this without any problem because of which it resets the broken secure channel between the DC and member server.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16956129
What PSS does, and what should be said in public are two different things. That is why there are two versions of the knowledge base.

There are many things I will do with Exchange when under the guidance of PSS, which I would never tell someone to do in public on a forum where they will not have the support of PSS to ensure that it is done in the right way. There are too many things that can go wrong with removing an Exchange server from the domain - which is why it shouldn't be advised. I don't think I have seen that advise in any of the public KB articles.

Remember that this is a public forum. PSS (and MVPs like myself) have access to information that general users do not have, and as such you have to be careful about the advise that is given.

As such, I stand by my comment that your advice was bad, because it is a dangerous thing to do and should not be attempted unless you know what you are doing, the consequences, and preferably under the guidance of PSS. It would be worth the support fee to cover yourself in case Exchange does go down.

Simon.
0
 

Expert Comment

by:Marxx
ID: 22566459
This WORKAROUND is helping but...
To work around this behavior, follow these steps:
1.      Move the following groups to the default Users container:
      
"      Exchange Enterprise Servers
"      Exchange Services
"      Exchange Domain Servers

2.      Restart the System Attendant service.

IF these groups are allredy in default USER container in AD, try this:

Open Exchange Domain Servers group and look members, then remove exchange computer from this group and press APPLY (NOT OK) - then PUT exchange computer BACK to this group, press APPLY and OK.
Restart the System Attendant service and all other services that depended on this service and would'nt start.

0
 

Expert Comment

by:sulinm
ID: 24442640
We spent 7.5 hours on the phone with MS Premier. Ultimately, we simply rebooted all of our domain controllers and everything started working again. Failed over and rebooted Exchange clusters to tidy up.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question