
Problem involving EventConfig_{oldsvrname} and AAD Connect.

Last Modified: 2019-03-01
(I posted this at Reddit, but am still searching for an answer so I wanted to post here too. Hoping one of you might know what I'm facing and be able to help me get past the hurdle I'm encountering. Thanks.)

I've implemented AAD Connect in preparation for an O365 Hybrid migration project.

MSOL is sending me Identity Synchronization Error Reports every 30-minute cycle, complaining about an object with the Identity "EventConfig_xxx" (where xxx = an old server name).

The Error Description states "Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:EventConfig_xxx@{organization}.onmicrosoft.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values."

How could I possibly have a duplicate address in local AD that uses @___.onmicrosoft.com ? There is nothing in the local domain with that domain name.

ADUC doesn't find an object with that name. I managed to find it myself, in Exchange System Objects, under the Events Root folder. There were 3 entries there with the same name. In ADSIEdit I found the objects, one with the name EventConfig_xxx, one with EventConfig_xxx-1, and one as EventConfig_xxx-2. The objects are of Object Type 'Public Folder'.

The environment presently has Exchange 2010 servers, running SP3 UR26. Also one Exchange 2016 svr.

Nobody within the organization recognizes the server name at all or has any memory of it. Ping resolves it to an IP address. It doesn't respond to ping. I cannot find that IP address anywhere in DNS, whether looking in Forward or Reverse lookup zones.

I could not find the object in the O365 Admin Center, or the O365 EAC, or using O365 Remote Powershell (neither with Get-MSOLUser or Get-Mailbox).

I can find the object in a Metaverse Search using the AAD Connect Sync Mgr tool and the Source Anchor (provided in the Error Report). If I look at the Proxy Addresses on the object, none are the address AAD Connect is complaining about.

I cannot find the object in the Azure AD admin center.

IdFix doesn't detect the object.

I haven't found much online about this. I found a few pages that lead me to believe this is an orphaned remnant from either Exchange 5.5, 2000, or 2003. One article from 2007 (https://www.tek-tips.com/viewthread.cfm?qid=1410090) suggested using a utility called 'events.exe' with a switch to clean up the infrastructure, but I'm not confident that will still apply, and I don't see any way to roll that back if it causes unanticipated problems.

The company does use Public Folders, so I can't break those.

Do any of you know what the Events Root\EventConfig_xxx objects do, how they are used, etc., and how I can either clean them up or correct whatever is causing the AAD Connect complaint?

I've been trying to gather info on this and resolve it for a while now, so if I've left out any important and relevant information here, call me out on it - I probably just forgot to mention it.

Thanks.

Bruno PACI, IT Consultant
CERTIFIED EXPERT

Commented:
Hi,

As you found suspicious objects with ADSIEdit you can try to mark these objects as to be ignored by AAD Connect.

To do that, in ADSIEdit, locate the suspicious object, modify its attribute "AdminDescription" and give it the value "User_DoNotSync".

Normally, AAD Connect will just ignore any object that has a value starting with "User_" or "Group_" in the AdminDescription attribute.


This should make the synchronization error disappear. This does not answer the question of where these objects come from and whether you can delete them or not, but maybe you can just ignore them.


Have a nice day

Author

Commented:
Hi Bruno,

Thanks for the idea, I didn't know about that feature of AAD Connect.

I did try that, but AADC did still try to sync the object (and showed the changed attribute so I know this was after the change had replicated across the AD environment) and still threw the error.
Bruno PACI, IT Consultant
CERTIFIED EXPERT

Commented:
Hi again,

Well, it looks like Microsoft AAD Connect applies a specific treatment to these objects.
By the way, did you check whether these objects exist in O365 as mail contacts? Public folders are not mailboxes nor groups, so I presume the synchronization creates a contact object in your Exchange Online.

Also, I suppose you don't synchronize your whole domain, so you probably have some organizational units that are not synchronized? In this case, can you just try moving the object to a container that is not synchronized and check if the error disappears. But note where the object is currently so you may be able to put it back if something goes wrong with your on-premises Exchange.

If you don't have on-premises public folders and your on-premises Exchange is 2013 or above, it's pretty certain these objects are just old ones that were not cleaned up in your previous migration.

Author

Commented:
Thanks Bruno, there is no visible contact record for that object either.

I really don't think it exists in O365. I think AAD Connect is not syncing it to Azure, and the Sync Error notification is telling me that.

I just don't understand why it is complaining that there is an '@... .onmicrosoft.com' proxyaddress, and I don't understand why it is complaining about the EventConfig_{oldsvr}..., but not complaining about EventConfig_{oldsvr}-1..., or EventConfig_{oldsvr}-2..., or EventConfig_{differentoldsvr}... I see all of those in ADSIEdit in the same place, but only the one is flagged by AADConnect. (And no, none of them are visible in O365, and there's no reason any of them should be in O365.)

My client is annoyed at the emails, and I'm concerned that this may indicate some other problem that I'll uncover as I go further with the migration project. I don't want to simply redirect the emails because if the client doesn't see them then I'll own those errors forever and anytime new recipients are improperly added to AD in the future the client won't see the problem.

Ultimately I need to find the cause and solution.

I appreciate your help.

I really do think this is a tough one. I think it is going to require somebody that was both an Exch2k expert and remembers it, and also knows (is certain, not just guessing like me) whether or how the Events Root\EventConfig_{svr} entries are used in Exch 2010 + Exch 2016 hybrid configs.

I wish I could just delete the entry in ADSIEdit, but as I wrote above I don't know if that might break anything, and I wouldn't know how to properly re-create it if deleting it did cause harm.
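
Added example, not part of the thread and not any poster's code: a read-only PowerShell check for whether any on-premises object really carries the address named in the error report, a side-by-side listing of the sibling EventConfig_* objects, and an attribute snapshot taken before anything is edited or moved. Assumptions: the RSAT ActiveDirectory module is available, the address and backup path are placeholders, the container sits at `CN=Microsoft Exchange System Objects` under the domain root, and only the current domain is searched.

```powershell
# Added example: read-only. Nothing below modifies or deletes AD objects.
Import-Module ActiveDirectory   # RSAT ActiveDirectory module

# Placeholders (assumptions): copy the real address from the sync error report.
$Address   = 'EventConfig_xxx@contoso.onmicrosoft.com'
$BackupDir = 'C:\Temp\EventConfig-snapshot'
# Assumed location of the container the thread calls "Exchange System Objects".
$SearchBase = "CN=Microsoft Exchange System Objects,$((Get-ADDomain).DistinguishedName)"
$Props = 'objectClass', 'mail', 'proxyAddresses', 'adminDescription', 'whenChanged'

function Find-AddressHolder {
    param([Parameter(Mandatory)][string]$Address)
    # proxyAddresses values are stored with a type prefix; matching is
    # case-insensitive, so smtp: finds primary (SMTP:) and secondary entries.
    $filter = "(|(proxyAddresses=smtp:$Address)(mail=$Address))"
    Get-ADObject -LDAPFilter $filter -Properties $Props
}

function Get-EventConfigObject {
    # All EventConfig_* entries, so the flagged one can be compared with -1, -2.
    Get-ADObject -SearchBase $SearchBase -LDAPFilter '(cn=EventConfig_*)' -Properties *
}

# 1. Does any on-premises object really hold the address from the report?
$holders = @(Find-AddressHolder -Address $Address)
"{0} object(s) in this domain carry {1}" -f $holders.Count, $Address
$holders | Format-List DistinguishedName, objectClass, mail, proxyAddresses | Out-Host

# 2. Side-by-side view of the sibling objects.
$configs = @(Get-EventConfigObject)
$configs | Select-Object Name, objectClass, mail, adminDescription,
    @{ n = 'proxyAddresses'; e = { $_.proxyAddresses -join '; ' } } |
    Format-Table -AutoSize -Wrap | Out-Host

# 3. Reference snapshot of every attribute before anyone edits or moves them.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($obj in $configs) {
    $obj | Export-Clixml -Path (Join-Path $BackupDir "$($obj.ObjectGUID).xml")
}
```

The XML files are a record of attribute values to consult with `Import-Clixml` if an object has to be rebuilt by hand; they are not an automated restore.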