System Attendant missing permissions to it's own mailbox?

Posted on 2010-03-25
Medium Priority
Last Modified: 2012-05-09

I have enabled mailbox access logging in Exchange 2007. After that I stumbled upon this event (represented multiple times):

Log Name:      Application
Source:        MSExchangeIS Mailbox Store
Date:          25-03-2010 10:40:47
Event ID:      1029
Task Category: Access Control
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      <CCR Node 1 name>
<CMS_name>-SA@<DNS_domain_name> failed an operation because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The distinguished name of the owning mailbox is /O=<Exchange_org>/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=CONFIGURATION/CN=SERVERS/CN=<CMS_name>/CN=MICROSOFT SYSTEM ATTENDANT. The folder ID is in the data section of this event.

I don't know if the object <CMS_name>-SA@<DNS_domain_name> refer to a System Attendant account created by Exchange or the CMS' system (computer) account (normally this would be refered as <CMS_name>$).

I have search the AD domain for the object, but without luck. Maybe the object is hidden from normal LDAP searches (samaccountmame=<CMS_name>-SA@<DNS_domain_name>). I can't grant permissions to objects which I can't find.

I haven't noticed any issues which I could relate to these events.

Have anyone else seen this warning before?

Question by:MichaelVorbeck
  • 2
  • 2
LVL 33

Accepted Solution

Busbar earned 500 total points
ID: 28704448
please run setup and run forestprep and domainprep, domainprep should do it by itself so you might to try it by itself

Author Comment

ID: 29884738
Since this is logged for only a server or a service account for the server, I cannot see how forest- and domainprep should resolve this issue.
LVL 33

Expert Comment

ID: 29884983
because forestprep and domainprep will restore permissions or the Exchange server

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
After a recent Outlook migration from a 2007 to 2010 environment, some issues with Distribution List owners were realized. In this article, I explain how that was rectified.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question