Microsoft KB Archive/277906

From BetaArchive Wiki
Knowledge Base


Article ID: 277906

Article Last Modified on 10/25/2007


APPLIES TO

  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition


This article was previously published under Q277906

This article is a consolidation of the following previously available articles: 277906, 281607, and 812215

SYMPTOMS

If you are working in a mixed-mode environment where Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 and Microsoft Exchange Server 5.5 are installed in separate Active Directory domains, when you grant an Exchange Server 5.5 user permissions to a public folder on the Exchange 2000 or Exchange 2003 computer, the following events are logged in the Application log.

Event 1

Event Type: Error
Event ID: 9562
Event Source: MSExchangeIS
Event Category: General
Description: Failed to read attribute msExchUserAccountControl from Active Directory for /O=Your_Exchange_Organization/OU=Your_Exchange_Administrative_Group/CN=RECIPIENTS/CN=User_Name.

Event 2

Event Type: Error
Event ID: 9551
Event Source:MSExchangeISPublic

Description: An error occurred while upgrading the ACL on folder [Public Folders]/Folder located on database "First Storage Group\Public Folder Store (Exchange_Server_Name)".

The Information Store was unable to convert the security for /O=Your_Exchange_Organization/OU=Your_Exchange_Administrative_Group/CN=RECIPIENTS/CN=User_Name into a Windows 2000 Security Identifier. It is possible that this is caused by latency in the Active Directory Service, if so, wait until the user record is replicated to the Active Directory and attempt to access the folder (it will be upgraded in place). If the specified object does NOT get replicated to the Active Directory, use the Microsoft Exchange System Manager or the Exchange Client to update the ACL on the folder manually. The access rights in the ACE for this DN were 0x41b.


When an Exchange Server 5.5 user tries to access the public folder, he or she may receive one of the following error messages.

Error message 1

Error 500 Internal server error

Error message 2

Client operation failed

CAUSE

This issue may occur because any user object that is mailbox-enabled must have the msExchUserAccountControl attribute stamped on it by Recipient Update Service, and the attribute value must be set to 0. If the user object is not configured in this way, it is treated as mailbox-disabled.

By default, Recipient Update Service is not available in an Active Directory domain that has only an Exchange Server 5.5 computer. Therefore, the user object in Active Directory that is associated with the mailbox on the Exchange Server 5.5 computer does not have the msExchUserAccountControl attribute set.

When you grant an Exchange Server 5.5 user permissions to a public folder in Exchange 2000 or Exchange 2003, the information store on the Exchange 2000 or Exchange 2003 computer assigns the distinguished name of this mailbox to that public folder. The Exchange 2000 or Exchange 2003 information store tries to upgrade this Exchange Server 5.5 distinguished name to a Windows security identifier (SID). If the Active Directory user object that is associated with this mailbox does not have the msExchUserAccountControl attribute set, when the information store reads this attribute, and then does not upgrade the Exchange Server 5.5 distinguished name to a Windows SID, the information store generates the events that are described in the "Symptoms" section.

RESOLUTION

To resolve this issue, run Exchange 2000 or Exchange 2003 Setup with the /domainprep switch in the domain in which the Exchange Server 5.5 computer resides. Then, create an additional Recipient Update Service for that same domain . This Recipient Update Service instance will populate the msExchUserAccountControl attribute for all mailbox-enabled user objects. To create the additional Recipient Update Service, follow these steps:

  1. Start Exchange System Manager.
  2. Right-click the Recipient Update Services container, and then click New Recipient Update Service.
  3. Enter the domain where the Exchange Server 5.5 computer resides as the object to be updated by this service.
  4. Enter the name of the Exchange 2000 or Exchange 2003 computer where you want to run this service.
  5. Click OK.

For more information about running setup /domainprep, click the following article number to view the article in the Microsoft Knowledge Base:

312407 Requirements for preparing Windows domains for Exchange Server 2003 or for Exchange 2000 Server


For additional information about the Exchange Recipient Update Service, click the following article number to view the article in the Microsoft Knowledge Base:

319065 How to work with the Exchange Recipient Update Service


Keywords: kbprb KB277906



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/277906&oldid=152241
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki