System Attendant does not have sufficient rights

Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.

I am getting this error, need Expert assistance.  Thanks guys.

Asked by: mputnam31

amaheshwari Commented:
Hi,

Please have a look at this URL from MS:

http://support.microsoft.com/?kbid=910413
You receive a "Could not start the Microsoft Exchange System Attendant service on Local Computer" error message when you try to start the Exchange System Attendant service


Event Type: Warning
Event Source: MSExchangeSA
Event Category: General
Event ID: 9157
Date:
Time:
User: N/A
Computer:
Description: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.

amaheshwari Commented:
Try this as well:

http://support.microsoft.com/kb/297295/en-us
The computer account for Exchange Server is absent

mputnam31 (Author) Commented:
Tried it all... nada.

mkumar23 Commented:
When you try to restart the SA manually from the services MMC, what happens then?

Check your event logs for any event you may see after the manual restart of SA.

Regards,

Max

mkumar23 Commented:
Can you send the LDP dump of the service account you have for your Exchange server?

Sembee Commented:
If the error you are getting is different from the one posted above, can you post the full event ID message. Little difficult to diagnose otherwise.

Also post

- Exchange version, service pack and patch level
- Windows version, service pack and patch level (i.e. is it the latest).
- Is Exchange on SBS or a domain controller?

What account are the Exchange services running under?

Simon.

mputnam31 (Author) Commented:
What is an LDP dump?

Exchange 2003
Server 2003

Exchange isn't on SBS or a domain controller... is that a problem?

How do I know which account the Exchange services are running under, where do I find that info?

mputnam31 (Author) Commented:
Event Type:     Error
Event Source:     NETLOGON
Event Category:     None
Event ID:     5719
Date:          6/16/2006
Time:          2:19:48 PM
User:          N/A
Now I get this.

Computer:     WOR-EXCH1
Description:
This computer was not able to set up a secure session with a domain controller in domain SHARKS due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    

Sembee Commented:
Not having Exchange on a domain controller is fine. There would be concern if there was.
You can see what account services are running under in the services mmc applet (or Computer Management).

However the error above means that Exchange cannot find a domain controller.
Make sure that the Exchange server is pointing to the domain controllers ONLY for DNS. No external DNS servers should be involved.

Simon.
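
An added example, not part of the original thread: it parses the NETLOGON 5719 record posted above and decodes the 4-byte Data field as a little-endian NTSTATUS, which gives 0xC000005E (STATUS_NO_LOGON_SERVERS) and matches the "no logon servers available" text in the description. The status table is a small hand-picked subset, and the function and dictionary names are illustrative assumptions.

```python
import re
import struct

# Small hand-picked subset of NTSTATUS codes seen in secure-channel failures.
NTSTATUS_NAMES = {
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
}

# Constructed sample: the NETLOGON 5719 record from the thread, trimmed.
SAMPLE_EVENT = """\
Event Type:     Error
Event Source:     NETLOGON
Event ID:     5719
Computer:     WOR-EXCH1
Description:
This computer was not able to set up a secure session with a domain controller in domain SHARKS due to the following:
There are currently no logon servers available to service the logon request.
Data:
0000: 5e 00 00 c0               ^..\u00c0
"""

FIELD_RE = re.compile(r"^(Event Source|Event ID|Computer):[ \t]*(\S.*?)[ \t]*$", re.M)
DUMP_RE = re.compile(r"^[0-9a-fA-F]{4}:((?: [0-9a-fA-F]{2})+)", re.M)
DOMAIN_RE = re.compile(r"domain controller in domain (\S+)")

def parse_event(text):
    """Return header fields, the domain name, and the decoded Data status."""
    event = dict(FIELD_RE.findall(text))
    match = DOMAIN_RE.search(text)
    event["Domain"] = match.group(1) if match else None
    # Only read hex-dump rows that follow the "Data:" marker.
    _, _, tail = text.partition("\nData:")
    raw = bytes.fromhex("".join(DUMP_RE.findall(tail)).replace(" ", ""))
    if len(raw) >= 4:
        (status,) = struct.unpack_from("<I", raw)  # little-endian DWORD
        event["Status"] = status
        event["StatusName"] = NTSTATUS_NAMES.get(status, "UNKNOWN")
    else:
        event["Status"] = event["StatusName"] = None
    return event

if __name__ == "__main__":
    for key, value in parse_event(SAMPLE_EVENT).items():
        shown = f"0x{value:08X}" if key == "Status" and value is not None else value
        print(f"{key}: {shown}")
```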

ppuro Commented:
You can also try disjoining the exchange server from a domain. Reset the computer account in ADUC and then again rejoin the domain.

Before disjoining the domain make sure you know the local administrator password.

:)

Regards,

Prasad

Sembee Commented:
ppuro - that is BAD advice.

If you disjoin the computer from the domain that will kill Exchange.

NEVER EVER remove an Exchange server from the domain unless Exchange has been removed.

Simon.

ppuro Commented:
Well Sembee, I am 100% sure that it will not at all kill Exchange if it is the member server and if it's been removed from the domain. It will only reset the secure channel between the DC and the member server.

Regards,

Prasad

Sembee Commented:
100% sure?

Got something from Microsoft that says you can do that?

Consider the close ties to active directory that Exchange has, it is one thing I wouldn't dream of doing to an Exchange server.

Simon.

ppuro Commented:
I was working with Microsoft PSS for almost a year.... And in many of the cases I have done this without any problem because of which it resets the broken secure channel between the DC and member server.

Sembee Commented:
What PSS does, and what should be said in public are two different things. That is why there are two versions of the knowledge base.

There are many things I will do with Exchange when under the guidance of PSS, which I would never tell someone to do in public on a forum where they will not have the support of PSS to ensure that it is done in the right way. There are too many things that can go wrong with removing an Exchange server from the domain - which is why it shouldn't be advised. I don't think I have seen that advice in any of the public KB articles.

Remember that this is a public forum. PSS (and MVPs like myself) have access to information that general users do not have, and as such you have to be careful about the advice that is given.

As such, I stand by my comment that your advice was bad, because it is a dangerous thing to do and should not be attempted unless you know what you are doing, the consequences, and preferably under the guidance of PSS. It would be worth the support fee to cover yourself in case Exchange does go down.

Simon.

Marxx Commented:
This WORKAROUND is helping but...
To work around this behavior, follow these steps:
1. Move the following groups to the default Users container:

- Exchange Enterprise Servers
- Exchange Services
- Exchange Domain Servers

2. Restart the System Attendant service.

IF these groups are already in the default USER container in AD, try this:

Open the Exchange Domain Servers group and look at the members, then remove the Exchange computer from this group and press APPLY (NOT OK) - then PUT the Exchange computer BACK into this group, press APPLY and OK.
Restart the System Attendant service and all other services that depended on this service and wouldn't start.

sulinm Commented:
We spent 7.5 hours on the phone with MS Premier. Ultimately, we simply rebooted all of our domain controllers and everything started working again. Failed over and rebooted Exchange clusters to tidy up.