Exchange 2003 SP2 and Domain Controller Permissions

Home Forums Messaging Software Exchange 2000 / 2003 Exchange 2003 SP2 and Domain Controller Permissions

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    eramnes
    Member
    #143018

    Greetings all:

    I am having a strange problem with our new Exchange installation. I have recently implemented Exchange 2003 Standard SP2 running on Server 2003 Standard R2 SP2 with all updates and I am seeing Event ID 2112 in my logs on the Exchange server. The error is this:

    Quote:
    Exchange Server exchange.domain.local does not have Audit Security Privilege on Domain Controller dc.domain.local. This Domain Controller will not be used by DSAccess.

    The server dc.domain.local is running Server 2003 Standard x64 R2 SP2. This domain controller is the holder of all the FSMO roles for the domain in question, as well as hosting DHCP, DNS, and WINS. We have four other domain controllers running Server 2000 Standard SP4, all of which but one will be demoted in the near future during the transition from Server 2000 SP4 to Server 2003 R2.

    I have followed the steps referenced in the article http://support.microsoft.com/kb/919089, but it doesn’t seem to have resolved the issue. In addition, I tried running the Exchange domain prep directly on the server experiencing the issue, but it will not run due to an incompatibility with the x64 version of Server 2003. I have verified that policytest.exe shows a positive result on the domain controller in question, and that there is no firewall or the like enabled on that server.

    The symptoms I am noticing is that when viewing the Advanced Properties in ADUC, under the Security tab -> Advanced, the check box for allowing inherited permissions never stays checked. Even if you check the box, it will uncheck itself within a few minutes of hitting Apply, thus causing the Recipient Policies for the Exchange server to not apply. The users do not automatically receive e-mail addresses. If you check the box and immediately apply the Recipient Policy, it takes a very long time(>30 minutes) for the addresses to show up, and the box unchecks itself again right after it is done.

    Can anyone point out something I’ve missed or send me in the correct direction to resolve this issue?

    Thanks!

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.