Solved

X64 2008 Server missing "SACL right"

Posted on 2008-10-20
Last Modified: 2010-04-21
How do I add the "SACL right" to my X64 2008 Domain Controller?  

Domain has 7 2003 R2 DCs and one X64 2008 DC.  All are global catalog servers.
Exchange 2003 SP2 running on a 2003 R2 member server.

From the Exchange server log...

Process INETINFO.EXE (PID=1240). DSAccess has discovered the following servers with the following characteristics:
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc01fin.Raygraham.org      CDG 7 7 1 0 1 1 7 1
DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1
 Out-of-site:
dc01eld.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01han.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01lis.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01lom.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01ful.Raygraham.org      CDG 7 7 1 0 1 1 7 1
dc01slc.Raygraham.org      CDG 7 7 1 0 1 1 7 1

Please note: "DC08FIN.Raygraham.org      CDG 7 7 1 0 0 1 7 1"  this is my 2008 server and is missing SACL rights.
 
Additional Facts:
-All DCs have been restarted
-Have rerun both Forestprep and Domainprep from the Exchange 2003 member server

Any ideas would be great.  Thanks

Question by:JAVidmar

Accepted Solution

by: Exchange_Geek
Wish I could think of something quick, however all I can suggest is

1) Disable IPv6 on W2k8 box for a while
2) Check for replication errors (if any) on W2k8 box.
3) The most usual step - check for manage auditing and security rights membership from w2k8 box and dc01fin.
4) If possible please reboot w2k8 box so that Exchange pulls up new information forced by reboot of this box.


Expert Comment

by:abdulzis

Expert Comment

by:Exchange_Geek
The information of ntSecurityDescriptor should have been populated by running domain prep.

"DSAccess does not use any domain controller that does not have permissions to read the SACL on the nTSecurityDescriptor attribute in the domain controller. You must have at least one server that satisfies each role (C, D, or G), that is reachable for that role (the appropriate bit flag connected by an OR value in the Reachability column), and that shows 1 in the SACL right column. If you do not have these servers, confirm that the domain controller that shows 0 in the SACL right column has been domain-prepped, and then confirm that your Recipient Update Services are configured properly."

http://support.microsoft.com/kb/316300

However, the steps outlined in the post above can be checked - well-written blog.

Author Closing Comment

by:JAVidmar
Setting the manage auditing and security rights and restarting all DC's resolved the issue.  Thanks Exchange Geek.
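
A way to check the server table from the DSAccess event against the rule quoted from KB 316300 above, as an added example that is not part of the original thread: it parses the rows, lists servers whose SACL right column is 0, and shows which servers remain usable per role. The sample text uses placeholder host names, and the reachability bit values (1 = GC, 2 = DC, 4 = config DC) are an assumption not stated on this page.

```python
import re

# Column order taken from the header line in the event text on this page.
COLUMNS = ["roles", "reachability", "synchronized", "gc_capable", "pdc",
           "sacl_right", "critical_data", "netlogon", "os_version"]
# Assumption (not stated on this page): reachability bits per role,
# 1 = global catalog, 2 = domain controller, 4 = configuration DC.
ROLE_BIT = {"G": 1, "D": 2, "C": 4}
# A server row is: name, role letters, then eight integer columns.
ROW = re.compile(r"^\s*(\S+)\s+([CDG-]+)((?:\s+\d+){8})\s*$")

def parse_topology(text):
    """Return one dict per server row; header and site lines are skipped."""
    servers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        values = [m.group(2)] + [int(v) for v in m.group(3).split()]
        servers.append({"name": m.group(1), **dict(zip(COLUMNS, values))})
    return servers

def missing_sacl(servers):
    """Servers that show 0 in the SACL right column."""
    return [s["name"] for s in servers if s["sacl_right"] == 0]

def usable_by_role(servers):
    """Per role: servers holding it, reachable for it, with SACL right 1."""
    return {role: [s["name"] for s in servers
                   if role in s["roles"] and s["reachability"] & bit
                   and s["sacl_right"] == 1]
            for role, bit in ROLE_BIT.items()}

# Constructed sample in the same layout as the event text (placeholder names).
SAMPLE = """\
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc-a.example.org      CDG 7 7 1 0 1 1 7 1
dc-b.example.org      CDG 7 7 1 0 0 1 7 1
 Out-of-site:
dc-c.example.org      CDG 3 7 1 0 1 1 7 1
"""

if __name__ == "__main__":
    servers = parse_topology(SAMPLE)
    print("SACL right = 0:", missing_sacl(servers))
    for role, names in usable_by_role(servers).items():
        print(role, "->", names or "NONE USABLE")
```

An empty list for any role means no server satisfies the quoted rule for that role.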