Q

Errors in DC Event Log when migrating from Exchange 5.5 to 2003

I get the following error in my DC Event Log every minute or so. I have a Win2000 domain trying to migrate from Exchange 5.5 in a NT domain to a Windows 2003/Exchange 2003 member server located in the Win2000 domain that has only 1 DC. I cannot figure out what is configured incorrectly or what permissions I do not have set correctly?

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Directory Service Access 
Event ID:	565
Date:		11/25/2003
Time:		9:55:14 AM
User:		DomainExchangeServer$
Computer:	DC Server
Description:
Object Open:
 	Object Server:	DS
 	Object Type:	configuration
 	Object Name:	CN=Configuration,DC=W2kDomain,DC=W2kDomain,DC=com
 	New Handle ID:	-
 	Operation ID:	{0,156763517}
 	Process ID:	396
 	Primary User Name:DCServer$
 	Primary Domain:	W2kDomain
 	Primary Logon ID:(0x0,0x3E7)
 	Client User Name:ExchangeServer$
 	Client Domain:	W2kDomain
 	Client Logon ID:(0x0,0x74AFF30)
 	Accesses	Control Access 
			
 	Privileges		-

 Properties:
---
	Manage Replication Topology
Thanks for any help you can provide.
This is a known problem with Exchange. The recipient update service (RUS) which is running on the member server points at the domain controller, which the RUS polls every minute.

When the RUS processes objects, it only processes the objects that have changed in the AD. The query that the RUS uses to find updated objects is server specific. i.e. if the RUS uses for example USNChanged>1000 on one DC, that query may not work properly on another DC. If the query doesn't work, then during failover the RUS will incorrectly skip processing some objects.

In the case where the DC fails, and the RUS needs to fail over, the RUS must be able to correct the query so that it can be issued against a different DC. To do that, the RUS must know the current domain controller's Replication Cursors. To know the Replication Cursors, the RUS needs Manage Replication Topology rights on the configuration naming context.

To resolve this problem, add the add the Exchange 2000 member server computer account to the configuration naming contect (ie "CN=Configuration,DC=Domain,DC=com") using ADSI edit and also assign the right "Manage replication topology rights"

This was first published in December 2003

Dig deeper on Microsoft Exchange Server Transaction Log Files

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close