Exchange server does not have Audit Security Privilege on Domain Controller

    Question

  • Good day,

    A message is being logged in the event viewer on the Exchange Server 2003 that says "Process IISIPMF1871F60-79B8-4815-9341-6555C7748FB7 -AP "EXCHANGEAPPLICATIONPOOL (PID=7360). Exchange Server server17.kawargroup.internal does not have Audit Security Privilege on  Domain Controller server5.kawargroup.internal. This Domain Controller will not be used by DSAccess. "
    I have run policytest.exe & everything is fine:

    ===============================================
    Local domain is "kawargroup.internal" (KAWARGROUP)
    Account is "KAWARGROUP\Exchange Enterprise Servers"
    ========================
      DC      = "SERVER2"
      In site = "kawar"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "SERVER8"
      In site = "aqaba"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "SERVER10"
      In site = "manara"
      !! LsaOpenPolicy returned error 1722 !!

    ========================
      DC      = "SERVER11"
      In site = "gac"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "AQABA13"
      In site = "aqaba"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "SERVER16"
      In site = "PIL"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "SERVER5"
      In site = "kawar"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "SERVER20"
      In site = "kawar"
      !! LsaOpenPolicy returned error 1722 !!

    ========================
      DC      = "SERVER21"
      In site = "manara"
      Right found:  "SeSecurityPrivilege"
    ========================
      DC      = "SERVER13"
      In site = "aqaba"
      Right found:  "SeSecurityPrivilege"

    Note that server10 & server20 were domain controllers; they are no longer used but are still considered DCs in Active Directory (they crashed & I didn't remove them from Active Directory).
    - I have another 3 Exchange servers in 3 different sites that belong to the same domain. I have noted that this error message appears on all Exchange servers, except for the one that is on server5 (that is also the Primary DC).
    - Every site has its own DC & Exchange should connect to its local DC.
    - Also, all Exchange servers are in the "Exchange servers" security group & this group is inside the Users OU in Active Directory.
    - The Exchange services on the server [server17] hung once 2 days ago & I restarted the Exchange services; everything has been fine until now.

    My questions:
    1. Did this error message that appeared in the event viewer cause this server to hang, & how can we fix this error message?
    2. Can the nonexistence of servers 10 & 20 cause any interruption in Exchange functionality?
    3. Will this error affect other Exchange servers? Until now they are working well.


    Regards
    Elias Dayeh

    Tuesday, September 08, 2009 12:54 PM

All replies

  • 1. This error would not create any kind of hang issue, but I would still recommend removing these servers from AD by cleaning up metadata.

    Also do a hardware diagnostic checkup, which could also be a cause since you don't find any other hang-related error in the event log.

    If you find any particular process is hanging then you can generate a hang dump and PSS can analyze it...

    2. No, because Exchange uses other DCs and 10 & 20 are out of the DSAccess process; they wouldn't create any issue.

    3. No, as per point 2.

    Amit Tank | MVP – Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

    Tuesday, September 08, 2009 4:16 PM
  • Thank you for your reply.

    So what is causing this error "Exchange Server server17.kawargroup.internal does not have Audit Security Privilege on  Domain Controller server5.kawargroup.internal" to be logged in the event viewer?

    As described in the Microsoft articles on this event ID (2112), I have followed the instructions & nothing seems to be wrong:
    1. Checked with the policytest.exe tool - all is fine.
    2. Checked the security groups in Active Directory; all Exchange servers are in the "Exchange servers" security group & this group is inside the Users OU in Active Directory.

    So how can I solve this error message? It is logged on all Exchange servers except the one that is on server5.
    Wednesday, September 09, 2009 8:10 AM
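
Added example, not part of the thread and not a Microsoft tool: a Python sketch that parses policytest.exe output in the layout posted in the question, classifies each DC (right present, unreachable, right missing), and looks up the DC named in an event 2112 message. The function names are hypothetical, and treating a block with no "Right found" line as "right missing" is an assumption, since the thread does not show what the tool prints in that case.

```python
import re

# Constructed sample in the layout shown in the question. The SERVER99 block
# (no "Right found" line) is hypothetical, added to show the missing-right case.
SAMPLE = """\
========================
  DC      = "SERVER5"
  In site = "kawar"
  Right found:  "SeSecurityPrivilege"
========================
  DC      = "SERVER20"
  In site = "kawar"
  !! LsaOpenPolicy returned error 1722 !!
========================
  DC      = "SERVER99"
  In site = "manara"
"""

WIN32_ERRORS = {5: "access denied", 1722: "RPC server unavailable"}
FIELDS = {
    "dc": re.compile(r'^\s*DC\s*=\s*"([^"]+)"'),
    "site": re.compile(r'^\s*In site\s*=\s*"([^"]+)"'),
    "right": re.compile(r'Right found:\s*"([^"]+)"'),
    "error": re.compile(r"returned error (\d+)"),
}

def parse_policytest(text):
    """Return one record per DC block: dc, site, right found, LSA error code."""
    records = []
    for line in text.splitlines():
        for key, pat in FIELDS.items():
            m = pat.search(line)
            if m and key == "dc":
                records.append({"dc": m.group(1).upper(), "site": None,
                                "right": None, "error": None})
            elif m and records:
                records[-1][key] = m.group(1)
    return records

def classify(rec, wanted="SeSecurityPrivilege"):
    if rec["error"] is not None:  # the policy could not be opened on this DC
        code = int(rec["error"])
        return "unreachable (%s)" % WIN32_ERRORS.get(code, "error %d" % code)
    return "ok" if rec["right"] == wanted else "right missing"

def status_of(records, event_dc_fqdn):
    """Status of the DC named in an event 2112 message, matched by short name."""
    short = event_dc_fqdn.split(".")[0].upper()
    return next((classify(r) for r in records if r["dc"] == short), "not listed")
```

Win32 error 1722 is "The RPC server is unavailable", which is consistent with the poster's note that server10 and server20 have crashed but still exist as DC objects in Active Directory.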