awilderbeast asked:

Exchange - SACL Watcher servicelet encountered an error while monitoring SACL change.

Hi all, I'm getting the below error:

SACL Watcher servicelet encountered an error while monitoring SACL change.
Got error 1722 opening group policy on system ARTY.domain.local in domain works.

This DC failed and doesn't exist anymore and has been rebuilt as DC1. How do I sort this?

I've followed this:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

But when it comes to selecting the site, it says "No" on everything...

Thanks

Exchange_Geek

Odd, but if ntdsutil has mentioned that the DC does not exist, have you tried restarting the MSExchangeSA service on Exchange, or a simple reboot in off-production hours?

How about verifying that the DC is not part of AD Sites and Services? Also check if Exchange is storing this information in its registry - check event ID 2080 and view the listed DC/GC.

Regards,
Exchange_Geek

Manpreet SIngh Khatra

So what sites do you get when you go to "Type list sites", and does the AD site where the deleted DC existed still exist?

How did you remove that DC?

- Rancy

awilderbeast (ASKER)

Weird thing is I've got no DCs existing under any of my sites even though there's one under each site. That DC died of hard disk failure, so I removed it from Sites and Services and removed it from AD and anything I could see in ADSI Edit.

Did you check the Lost and Found containers?

You didn't see any DC under the site in ntdsutil or under the Sites & Services console?

- Rancy

This topic gets more interesting, you're telling me that you cannot see any DC under Sites and Services. Possible issue with your permission - do you have any other credential that you can use? This may be also the reason why ntdsutil didn't help you either.

Regards,
Exchange_Geek

Sorry, my bad..

ntdsutil does work, I didn't do it right. I can only see the one valid site in there though; the removed invalid DC is not there.

I can see all my DCs under Sites and Services.

I've run all as admin too, so currently this DC doesn't exist anywhere but is getting referred to by Exchange.

It's not in Lost and Found either...

Thanks

As said by Exchange_Geek, please share the event IDs.

When you say the server DC1 had failed and you brought a new one with another or same name? What else was done in the process to remove all its instances from the environment?

- Rancy

Old DC failed:
removed from Sites and Services
removed from AD
checked for any remnants in ADSI Edit
Should there be anything else?

Here's the event (ARTY is the failed DC):
Log Name:      Application
Source:        MSExchange SACL Watcher
Date:          07/08/2012 07:32:26
Event ID:      6003
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.domain.local
Description:
SACL Watcher servicelet encountered an error while monitoring SACL change.
Got error 1722 opening group policy on system ARTY.domain.local in domain works.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange SACL Watcher" />
    <EventID Qualifiers="49152">6003</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-07T06:32:26.000000000Z" />
    <EventRecordID>270494</EventRecordID>
    <Channel>Application</Channel>
    <Computer>EXCHANGE.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ARTY.domain.local</Data>
    <Data>works</Data>
    <Data>1722</Data>
  </EventData>
</Event>

I'm also getting this quite often too - I've checked and the Exchange server is in that group in AD:

Log Name:      Application
Source:        MSExchangeSA
Date:          07/08/2012 07:18:35
Event ID:      9385
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.domain.local
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=local/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group. 

If this computer is not a member of the group '/dc=local/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange services. 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeSA" />
    <EventID Qualifiers="49152">9385</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-07T06:18:35.000000000Z" />
    <EventRecordID>270487</EventRecordID>
    <Channel>Application</Channel>
    <Computer>EXCHANGE.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>/dc=local/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers</Data>
    <Data>8007203a</Data>
  </EventData>
</Event>

Thanks Guys

Great, thank you for sharing the details. When you mentioned that you've removed it from Sites and Services (good), removed from AD (better), removed from adsiedit (awesome).

Now, the last point that's left is - have you seized the FSMO roles on to the new box? Also, you've promoted the new DC as GC too - is it?

w.r.t your event 9385 - check if Exchange box is part of the Group "Exchange Servers", if yes - restart System Attendant service (found this as a common solution across internet)

Hopefully this should solve your issue.

Regards,
Exchange_Geek
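
The checks discussed in the thread so far (Sites and Services, ADSI Edit, Lost and Found, FSMO role holders, GC status, and which host the 6003 events name), collected into one read-only PowerShell script. This is an added example, not something posted by the participants; it assumes PowerShell 3.0 or later with the ActiveDirectory module, and takes the names `ARTY` and `EXCHANGE.domain.local` from the events above.

```powershell
# Added example: read-only checks for leftovers of a removed DC. Nothing is modified.
# Assumes PowerShell 3.0+ and the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$StaleDc      = 'ARTY'                    # short name of the failed DC (from event 6003)
$ExchangeHost = 'EXCHANGE.domain.local'   # server that logs event 6003

$domain   = Get-ADDomain
$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. Server objects left under CN=Sites (what Sites and Services / ADSI Edit display)
$siteObjects = Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$StaleDc))"

# 2. Computer account left anywhere in the domain partition, LostAndFound included
$computerObjects = Get-ADComputer -LDAPFilter "(cn=$StaleDc)"

# 3. FSMO roles still recorded against the removed DC (none expected after seizing)
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$staleRoles = $roles.GetEnumerator() | Where-Object { $_.Value -like "$StaleDc.*" }

# 4. Domain controllers currently registered as global catalogs
$gcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }

# 5. Hosts named in recent SACL Watcher 6003 events (first <Data> element is the host)
$events = Get-WinEvent -ComputerName $ExchangeHost -MaxEvents 50 -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchange SACL Watcher'; Id = 6003 }
$referenced = $events | Where-Object { $_ } |
    ForEach-Object { ([xml]$_.ToXml()).Event.EventData.Data[0] } | Sort-Object -Unique

[pscustomobject]@{
    SiteServerObjects = $siteObjects     | ForEach-Object { $_.DistinguishedName }
    ComputerObjects   = $computerObjects | ForEach-Object { $_.DistinguishedName }
    RolesOnStaleDc    = $staleRoles      | ForEach-Object { $_.Key }
    GlobalCatalogs    = $gcs             | ForEach-Object { $_.HostName }
    HostsInEvent6003  = $referenced
    LastEvent6003     = ($events | Select-Object -First 1).TimeCreated
} | Format-List
```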

SOLUTION
Manpreet SIngh Khatra

This solution is only available to members.

I've checked all security groups, all is OK.
I previously seized the roles to another DC.
This new DC has been promoted to GC.

When you say have any GP? Group policies?
The group policies are applied domain wide. I have multiple DCs, so the GPs were just copied back to the new DC when I dcpromo'd it.

Thanks

w.r.t your event 9385 - check if Exchange box is part of the Group "Exchange Servers", if yes - restart System Attendant service (found this as a common solution across internet)

Was this sorted out?

Regards,
Exchange_Geek

OK, I did some Windows updates (Rollup 6 for Exchange included in that), rebooted the server and all errors are gone now!

Sound about right?

ASKER CERTIFIED SOLUTION

This solution is only available to members.

Yeah, seems I'm all clean!
No more errors at all :)
Thanks guys!