Microsoft KB Archive/835970

= Windows Messenger users cannot sign in to Live Communications Server, and event ID 29 appears in the application log =

Article ID: 835970

Article Last Modified on 6/29/2004

-

APPLIES TO


 * Microsoft Office Live Communications Server 2003
 * Microsoft Windows Messenger 5.0

-





SYMPTOMS
After you install and configure Microsoft Office Live Communications Server 2003, Microsoft Windows Messenger users cannot sign in to Live Communications Server. Additionally, the following event appears in the application log on the Live Communications Server computer. Event Source: Live Communications Active Directory Connector

Event Category: None

Event ID: 29

Date:

Time:

Event Type: Error

Computer:

Description: Encountered an unknown failure while attempting to process a user entry. The entry came from naming context DC=contoso,DC=com. This error has caused the replication cycle to fail. It will be retried.

Diagnostic information: User DN attribute value: CN=Guest,CN=Users,DC=contoso,DC=com Guid Active Directory attribute name: objectGUID Guid Active Directory attribute value: {A5E68767-26D9-4843-9B07-FDE285F87996} The error occurred while processing attribute isDeleted. The description of the error that occurred is: Decoding Error (hr=0x8007003b).



CAUSE
This issue occurs if the following groups do not have sufficient permissions to the user objects in the Active Directory directory service:
 * RTCHSDomainServices
 * RTCDomainServerAdmins
 * RTCDomainUserAdmins

This scenario may occur if you remove permission inheritance from the domain container in Active Directory before you install Live Communications Server.

Sometimes, this issue occurs because authenticated users may not have Read permissions for a user objects container and for the user objects in the container. If authenticated users has been removed or denied Read permissions, you must grant the RTCHSDomainServices group Read permissions on the user objects in the container and on the container.



RESOLUTION
To resolve this issue, verify the permissions that are assigned to Live Communications Server-related groups in Active Directory. The following table lists the appropriate permission assignments for these groups.

Assign the correct permissions to each of the Active Directory containers that contain user objects. To assign these permissions to a user objects container, follow these steps.Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.  Start the ADSI Edit tool, and then connect to a domain controller. To start ADSI Edit, click Start, click Run, type adsiedit.msc, and then click OK.

Note ADSI Edit is included with the Microsoft Windows Server 2003 Support Tools. To install the Windows Support Tools, double-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD. Expand '''Domain [. . ], right-click the user objects container where you want to assign permissions, and then click Properties'''. For example, right-click CN=Users, and then click Properties or right-click OU= , and then click Properties. Click the Security tab, and then click Advanced. Click Add, type rtchsdomainservices, click Check Names, and then click OK. In the Permission Entry for  dialog box that appears, click the Properties tab. In the Apply onto list, click User objects.</li> In the Allow column, click to select both of the following check boxes:

Read RTCPropertySet

Read RTCUserSearchPropertySet

</li> Click OK.</li> Click Add, type rtcdomainserveradmins, click Check Names, and then click OK.</li> Click the Properties tab, click User objects in the Apply onto list, and then in the Allow column, click to select both of the following check boxes:

Read RTCPropertySet

Write RTCPropertySet

</li> Click OK.</li> Click Add, type rtcdomainuseradmins, click Check Names, and then click OK.</li> Click the Properties tab, click User objects in the Apply onto list, and then in the Allow column, click to select all the following check boxes:

Read Public Information

Write Public Information

Read RTCPropertySet

Write RTCPropertySet

Read RTCUserSearchPropertySet

Write RTCUserSearchPropertySet

</li> Click OK three times to close all dialog boxes.</li> Follow steps 2 through 14 to assign the correct permissions to the other containers that contain Live Communications Server users.</li> When you are finished modifying permissions, quit ADSI Edit.</li></ol>

Additional query words: LCS WM IM RTC

Keywords: kbprb KB835970

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.