Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 11/25/2003
Time: 9:55:14 AM
User: DomainExchangeServer$
Computer: DC Server
Description:
Object Open:
Object Server: DS
Object Type: configuration
Object Name: CN=Configuration,DC=W2kDomain,DC=W2kDomain,DC=com
New Handle ID: -
Operation ID: {0,156763517}
Process ID: 396
Primary User Name:DCServer$
Primary Domain: W2kDomain
Primary Logon ID:(0x0,0x3E7)
Client User Name:ExchangeServer$
Client Domain: W2kDomain
Client Logon ID:(0x0,0x74AFF30)
Accesses Control Access
Privileges -
Properties:
---
Manage Replication Topology
Thanks for any help you can provide.
Requires Free Membership to View
This is a known problem with Exchange. The recipient update service (RUS) which is running on the member server points at the domain controller, which the RUS polls every minute.
When the RUS processes objects, it only processes the objects that have changed in the AD. The query that the RUS uses to find updated objects is server specific. i.e. if the RUS uses for example USNChanged>1000 on one DC, that query may not work properly on another DC. If the query doesn't work, then during failover the RUS will incorrectly skip processing some objects.
In the case where the DC fails, and the RUS needs to fail over, the RUS must be able to correct the query so that it can be issued against a different DC. To do that, the RUS must know the current domain controller's Replication Cursors. To know the Replication Cursors, the RUS needs Manage Replication Topology rights on the configuration naming context.
To resolve this problem, add the add the Exchange 2000 member server computer account to the configuration naming contect (ie "CN=Configuration,DC=Domain,DC=com") using ADSI edit and also assign the right "Manage replication topology rights"
This was first published in December 2003
Join the conversationComment
Share
Comments
Results
Contribute to the conversation