Exchange System Attendant does not have permission message found
Hello;
My domain has two Windows Server 2008 DC, one of my DC failed yesterday then I found the following error message in the Application Log of my Exchange 2007 server. I am wondering why it is showing there, suppose even though on of the DCs failed, my Exchange should able to look at the GC or Active Directory information from another DC in Domain, right? Two DCs has a copy of GC on server. Please see the log below....
------
the universal security group '/dc=local/dc=company/ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.
If this computer is not a member of the group '/dc=local/dc=company/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange services.
Exchange
Last Comment
KANEWONG
8/22/2022 - Mon
Saoi
Yes, you're correct in saying that Exchange should use any GC, but if the DC failed it's not going to be graceful. If the server is failed completely you will need to manually remove the GC from the domain:
You'll need to restart the exchange services after you've cleaned up.
KANEWONG
ASKER
But the failed DC is working fine after reboot.
Saoi
OK, if you're confident that the failed DC is up and running correctly - I assume you've checked the membership of the Exchange Servers group? The Exchange server should be in it. And restarted the Exchange services after the failed DC came back online?
http://thelazyadmin.com/blogs/thelazyadmin/archive/2008/11/22/removing-a-windows-server-2008-dc.aspx
Fortunately it's easier than the 2003 method!
You'll need to restart the exchange services after you've cleaned up.