Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/170810

From BetaArchive Wiki
Knowledge Base

Article ID: 170810

Article Last Modified on 10/12/2007


  • Microsoft Exchange Server 4.0 Standard Edition
  • Microsoft Exchange Server 5.5 Standard Edition
  • Microsoft Exchange Server 5.0 Standard Edition

This article was previously published under Q170810


The DS_E_INSUFFICIENT_ACCESS_RIGHTS error occurs when you try to start the Microsoft Exchange Server information store service. This error is displayed in a dialog box with the following text:

The Microsoft Exchange Information Store service returned
service specific error 4021.

The event viewer will also show this same error.


This error occurs because a directory store database is restored which contains a service account with an incorrect security ID (SID). This may happen if the Windows NT Security Account Manager (SAM) database has been lost or re-created. The Exchange Server directory service will start, but after starting the information store service, the error message displays.


The directory service can be regenerated by using the restored version of the information store databases. To do this, follow these steps:

  1. Reinstall Exchange Server with the new service account.
  2. Stop the Information Store service, and then restore the Information Store Databases only.
  3. Start the Information Store service.

Note If the Information Store service is restored from an offline backup, you must run an isinteg -patch if you receive a 1011 error when you start the Information Store service.

  1. In the Exchange Server Administrator program, select the Server Properties page of the Exchange Server computer.
  2. On the Advanced tab, click All inconsistencies under DS/IS consistency adjustment, and then click Adjust.

Note In Exchange 5.5, click to select the Synchronize with the directory check box, and then create new directory entries for mailboxes that do not have a corresponding directory entry.

Your directory is repopulated and contains a service account with a correct SID.

If a .csv file with exported directory information is available, that information can be imported into the Microsoft Exchange Server directory.


For more information, see the Disaster Recovery white paper from the following Microsoft Web site:

Keywords: kbprb KB170810