Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

X64 2008 Server missing "SACL right"

Posted on 2008-10-20
4
Medium Priority
?
2,007 Views
Last Modified: 2010-04-21
How do I add the "SACL right" to my X64 2008 Domain Controller?  

Domain has 7 2003 R2 DC's and one X64 2008 DC.  All are global catiloge servers.
Exchange 2003 SP2 running on a 2003 R2 member server.

From the Exchange server log...

Process INETINFO.EXE (PID=1240). DSAccess has discovered the following servers with the following characteristics:
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc01fin.Raygraham.org      CDG 7 7 1 0 1 1 7 1
DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1
 Out-of-site:
dc01eld.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01han.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01lis.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01lom.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01ful.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01slc.Raygraham.org      CDG 7 7 1 0 1 1 7 1

Please note: "DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1"  this is my 2008 server and is missing SACL rights.
 
Aditional Facts:
-All DC's have been restarted
-Have rerun both Forestprep and Domainprep form the Exchange 2003 member server

Any ideas woud be great.  Thanks
0
Comment
Question by:JAVidmar
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 2000 total points
ID: 22762435
Wish i could think of something quick, however all i can suggest is

1) DIsable IPv6 on W2k8 box for a while
2) Check for replication errors (if any) on W2k8 box.
3) The most usual step - check for manage auditing and security rights membership from w2k8 box and dc01fin.

4) If possible please reboot w2k8 box so that Exchange pulls up new information forced by reboot of this box.

0
 
LVL 9

Expert Comment

by:abdulzis
ID: 22764669
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22764900
The information of ntSecurityDescriptor should have been populated by running domain prep.

"DSAccess does not use any domain controller that does not have permissions to read the SACL on the nTSecurityDescriptor attribute in the domain controller. You must have at least one server that satisfies each role (C, D, or G), that is reachable for that role (the appropriate bit flag connected by an OR value in the Reachability column), and that shows 1 in the SACL right column. If you do not have these servers, confirm that the domain controller that shows 0 in the SACL right column has been domain-prepped, and then confirm that your Recipient Update Services are configured properly."

http://support.microsoft.com/kb/316300

However, the steps outlined in the post above can be checked - well written blog.
0
 

Author Closing Comment

by:JAVidmar
ID: 31507998
Setting the manage auditing and security rights and restarting all DC's resolved the issue.  Thanks Exchange Geek.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question