Exchange 2010 SP1 System Attendant Service is not starting

    Question

  • Dear Team,

    I have an SBS 2003 SP2 server with Exchange Server 2003 SP2 and I am migrating it to a Windows Server 2008 R2 Domain Controller & Exchange Server 2010 SP1. I have configured 2008 R2 SP1 as an additional domain controller and kept it ready.

    I have run all the prerequisites and installed the Exchange 2010 SP1 setup on another Windows Server 2008 R2 SP1 server, where I was getting an error that the System Attendant service is trying to start but stops responding, and the Mailbox Server role installation was cancelled, but HUB / CAS installed successfully. I have modified settings in ADSI Edit and rerun the setup, and the Mailbox Server role is also installed.

    But the System Attendant service is not starting and is generating Event ID 9157:

    "Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure that the computer account is a member of the "Exchange Servers" and "Exchange Install Domain Servers" security groups."

    Can you please help me with this?

    Regards,,,

    Vishal

     

    Monday, August 29, 2011 12:28 PM

Answers

  • Guys...

    My problem is resolved; please have a look at the workaround:

    >> Checked the permissions of Exchange servers using ADSIEDIT. The permissions were more than what was required, so left them as they were.

    >> Disjoined the machine from domain.

    >> Reset Exchange machine account.

    >> Rejoined the domain.

    >> As logging on would take a long time, we disabled Exchange servers.

    >> Changed the startup type to default, then ran preparelegacyexchangepermissions, preparead, preparedomain.

    >> Then Connected to Schema container- "cn=schema,cn=configuration,dc=<your domain>,dc=<your domain>", changed the “Apply To” to “This object and all descendant objects” for Authenticated users.
    >> MSExchangeSA service started successfully.

    Enjoy....

    Thanks a lot for supporting me...


    Vishal C. Kalal | MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 2:03 PM

All replies

  • Does it have the necessary permissions per that message?

    What settings did you modify in adsiedit?

     

     

     

    Monday, August 29, 2011 12:43 PM
  • Post the event id 2080 from application log.

    Event ID 9157, it's a generic event, you can ignore it.


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Monday, August 29, 2011 1:10 PM
  • Thanks Gulab,

    Please find the event id 2080...

    Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1240). Exchange Active Directory Provider has discovered the following servers with the following characteristics:

    (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)

    In-site:

    test.domain.local CDG 1 7 7 1 0 1 1 7 1

    Out-of-site:

     

    Monday, August 29, 2011 1:59 PM
  • Yes... the Mail Server & Exchange groups have the necessary permissions; I checked all the permissions.

    Regards,,,

    Vishal

    Monday, August 29, 2011 1:59 PM
  • Hi,

    Replicate the domain controllers and run setup.com /preparead and proceed with installation.

    Post the update.


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Monday, August 29, 2011 2:02 PM
  • I have already done with that...
    Monday, August 29, 2011 2:07 PM
  • @Gulab
    Not much to replicate if there's only one DC/GC.

    @Vishal
    You never answered AndyD's question "What settings did you modify in adsiedit?"
    Martina Miskovic
    Monday, August 29, 2011 2:13 PM
  • I have given the Mail Server Full Access permission on the Configuration partition... because installation was also not happening... and yes, we have only one DC & GC, so not much to replicate.

    Regards,,,

    Vishal

    Monday, August 29, 2011 2:16 PM
  • What was the error message you were getting prior to doing changes in Adsiedit? (If you remember)


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Monday, August 29, 2011 2:20 PM
  • The event 9157 in Event Viewer & In Exchange Installation Console it was "MSExchangeSA failed to reach status 'Running' on this Server"

    Regards

    Vishal

    Monday, August 29, 2011 2:23 PM
  • I've got a question. Are you able to open up EMC? If yes, then check the services console and try to start the service, and if it fails then you should have some event generated.

    Post how many services do you see, are there any services missing?
    MY BAD ABOUT THAT REPLICATING DC'S ;)
    Post those events.


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Monday, August 29, 2011 2:26 PM
  • Yes I am able to open EMC, the running services are: -

    MSExchangeADTopology, MSExchangeAB, MSExchangeAntispamUpdate, MSExchangeEdgeSync, MSExchangeFDS, MSExchangeFBA, MSExchangeIS, MSExchangeMailSubmission, MSExchangeMailboxAssistants, MSExchangeMailboxReplication, MSExchangeProtectedServiceHost, MSExchangeRepl, MSExchangeRPC, MSExchangeSearch, MSExchangeServiceHost, MSExchangeThrottling, MSExchangeTransport, MSExchangeTransportLogSearch,

    & MSExchangeSA (Stuck @ Starting)... & Generate Event ID 9157..

    Also again I run setup /PrepareAD, please find report of that: -

    F:\>setup /prepareAD

    Welcome to Microsoft Exchange Server 2010 Unattended Setup

    Preparing Exchange Setup

        Copying Setup Files                           COMPLETED

    No server roles will be installed

    Performing Microsoft Exchange Server Prerequisite Check

        Organization Checks                                       COMPLETED

    Configuring Microsoft Exchange Server

        Organization Preparation                                  COMPLETED

    The Microsoft Exchange Server setup operation completed successfully.

    Regards,,

    Vishal



    Monday, August 29, 2011 2:33 PM
  • Any Update Team???

    Rgds,,,

    Vishal

    Monday, August 29, 2011 4:24 PM
  • I think your problem lies in this --> I have given Permission to Mail Server as full Access into Configuration partition

    That is something that never should be needed.
    I would guess that inheritance is turned off somewhere in CN=Exchange Server. Make sure you have inheritance set!

    Exchange Best Practice Analyzer might tell you what's wrong, so if you haven't run it already you should.
    Martina Miskovic
    Monday, August 29, 2011 4:36 PM
  • I have run the same but am not getting any permission error... and I gave the permission to the mail server as per the blogs suggested by MS... I was getting the error before I modified the settings... Anything else?

    Regards,,,

    Vishal



    Monday, August 29, 2011 5:12 PM
  • You need to make sure that inheritance is enabled in the configuration --> CN=Services,CN=Exchange Server,CN=etc etc..

    As I see it, giving the server object full access permission in the CN=Configuration,CN=etc etc is just a bad workaround.


    Martina Miskovic
    Monday, August 29, 2011 5:35 PM
  • Dear,,

    inheritance is enabled in the CN=Services,CN=Exchange Server,CN=Domain.com.

    Anything else which I need to check or modify...

    Regards,,,

    Vishal

    Tuesday, August 30, 2011 5:31 AM
  • Dear,,

    inheritance is enabled in the CN=Services,CN=Exchange Server,CN=Domain.com.

    Anything else which I need to check or modify...

    Regards,,,

    Vishal


    Yes, you can check the settings for MSExchangeSA in the registry.
    Post what you see there.
    Martina Miskovic
    Tuesday, August 30, 2011 5:43 AM
  • You can refer this link  http://technet.microsoft.com/en-us/library/ff360340(EXCHG.140).aspx

    To resolve this error, do one or more of the following:

    • Wait for Exchange 2010 PrepareAD replication to complete. For more information about PrepareAD and PrepareDomain, see Prepare Active Directory and Domains.
    • Make sure the computer account is a member of the Exchange Servers and Exchange Install Domain Servers groups.

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 5:50 AM
  • Martina, thanks for the quick reply. Which registry settings do you want from MSExchangeSA?

    Regards,,,

    Vishal

    Tuesday, August 30, 2011 5:51 AM
  • Thanks Mihir, My Mail Server is member of both the groups & AD Replication is done...

    Regards,,,

    Vishal

    Tuesday, August 30, 2011 5:53 AM
  • Hi,

    It might sound weird, but can you post the full Event ID 9157?


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 5:55 AM
  • Can't you create a picture and create a link to it on Skydrive and post it here?
    Martina Miskovic
    Tuesday, August 30, 2011 5:55 AM
  • @Gulab,


    Log Name:      Application
    Source:        MSExchangeSA
    Date:          30-08-2011 11:25:49
    Event ID:      9157
    Task Category: General
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      mail.domain.local
    Description:
    Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure that the computer account is a member of the "Exchange Servers" and "Exchange Install Domain Servers" security groups.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchangeSA" />
        <EventID Qualifiers="32768">9157</EventID>
        <Level>3</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-08-30T05:55:49.000000000Z" />
        <EventRecordID>11306</EventRecordID>
        <Channel>Application</Channel>
        <Computer>mail.triconhome.local</Computer>
        <Security />
      </System>
      <EventData>
      </EventData>
    </Event>

    Tuesday, August 30, 2011 5:57 AM
  • Thanks Mihir, My Mail Server is member of both the groups & AD Replication is done...

    Regards,,,

    Vishal


    Just to be sure...
    The computer account is also a member of "Exchange Trusted Subsystem", right?
    Martina Miskovic
    Tuesday, August 30, 2011 6:00 AM
  • @Martina,

    Created picture of Registry Settings & uploaded... thanks


    Tuesday, August 30, 2011 6:01 AM
  • @Martina,

    Created picture of Registry Settings & uploaded... thanks


    Ok, but where is the link? :=)
    Martina Miskovic
    Tuesday, August 30, 2011 6:02 AM
  • See my previous reply; the uploaded image is there.
    Tuesday, August 30, 2011 6:03 AM
  • @Martina,

    Created picture of Registry Settings & uploaded... thanks


    Ok, but where is the link? :=)
    Martina Miskovic

    Hehehe, blame it on TechNet ;)
    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 6:03 AM
  • Thanks Mihir, My Mail Server is member of both the groups & AD Replication is done...

    Regards,,,

    Vishal


    Just to be sure...
    The computer account is also a member of "Exchange Trusted Subsystem", right?
    Martina Miskovic


    Check this one as well.

    Please please ensure the replication is completed successfully.

    I have posted above a KB for your reference for the same event ID 9157.

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 6:05 AM
  • Run the Exbpa on the server and post the result if you get any error in it.
    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 6:06 AM
  • @Mihir,

    Yes, Computer is also member of Exchange Trusted Subsystem, & only one DC/GC is there so replication is done...

    Regards,,,

    Vishal

    Tuesday, August 30, 2011 6:08 AM
  • Check this article:
    http://technet.microsoft.com/en-us/library/bb288907(EXCHG.80).aspx

    Specifically Verification portion of the article:


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 6:10 AM
  • @Gulab,

    I have run the Exbpa but am not getting any error in it. Those are the basic troubleshooting steps which I have done...

    Tuesday, August 30, 2011 6:10 AM
  • he he, I see it now and everything looks good.

    Now you need to verify that the computer is a member of "Exchange Trusted Subsystem" and that this group is a member of the local administrator group.
    Martina Miskovic
    Tuesday, August 30, 2011 6:11 AM
  • Ok, but the issue only happens when the GC is not reachable; can you restart your GC and see if it helps?

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 6:13 AM
  • @Martina,

    The Mail Server is a member of Exchange Trusted Subsystem & this group is also a member of the Local Administrators group... Anything else?

    Tuesday, August 30, 2011 6:16 AM
  • @Mihir... Restart is the best solution for every IT person, so everyone knows this. The GC responds to ping & telnet and has also been restarted 8 to 10 times.

    Tuesday, August 30, 2011 6:18 AM
  • @Martina,

    The Mail Server is a member of Exchange Trusted Subsystem & this group is also a member of the Local Administrators group... Anything else?


    Ok Good!!

    Let's go back to the permissions... (or lack of it)

    Please run the following command and post the output (replace the bold ones with your info)
    get-adpermission "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YOUDOMAIN,DC=COM" | ft -autosize

    get-adpermission "CN=YOUR_EXORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YOUDOMAIN,DC=COM" | ft -autosize


    Martina Miskovic
    Tuesday, August 30, 2011 6:23 AM
  • Hi Vishal,

    That's Great :)

    Can you make this entry in registry and restart the server ?

    ServicesPipeTimeout

    60000

    HKLM\SYSTEM\CurrentControlSet\Control

    dword 32 bit decimal

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 6:23 AM
  • @Martina,,

    Identity           User                                  Deny  Inherited
    --------           ----                                  ----  ---------
    Microsoft Exchange NT AUTHORITY\Authenticated Users      False False
    Microsoft Exchange Domain\Administrator              False False
    Microsoft Exchange Domain\SBS Mail Operators         False False
    Microsoft Exchange Domain\Exchange Domain Servers    False False
    Microsoft Exchange Domain\Organization Management    False False
    Microsoft Exchange Domain\Public Folder Management   False False
    Microsoft Exchange Domain\Delegated Setup            False False
    Microsoft Exchange Domain\Exchange Servers           False False
    Microsoft Exchange Domain\Exchange Trusted Subsystem False False
    Microsoft Exchange Domain\MAIL$                      False False
    Microsoft Exchange Domain\migration                  False False
    Microsoft Exchange Domain\Enterprise Admins          False True
    Microsoft Exchange Domain\Domain Admins              False True


    Cheers,,, Vishal C. Kalal
    Tuesday, August 30, 2011 6:34 AM
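
An added example (not part of the thread and not any poster's code) of auditing Get-ADPermission output like the listing above for the workaround criticised earlier in the thread: an explicit, non-inherited allow ACE held directly by a computer account such as MAIL$, instead of access inherited through group membership. The function names, the sample rows and their AccessRights values are constructed for illustration; only the User, Deny and Inherited columns appear in the posted output.

```powershell
# Added example, not code from the thread.
# Flags explicit (non-inherited) allow ACEs held directly by computer
# accounts on an Exchange configuration container.
# On a live system, feed it from the Exchange Management Shell, e.g.:
#   Get-ADPermission "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YOUDOMAIN,DC=COM" |
#       Find-ExplicitMachineAce
function Find-ExplicitMachineAce {
    param(
        [Parameter(ValueFromPipeline = $true)]
        $Ace
    )
    process {
        $user = [string]$Ace.User
        # Computer accounts appear as DOMAIN\NAME$ in the User column.
        $isMachine  = $user.EndsWith('$')
        $isExplicit = -not [bool]$Ace.IsInherited
        $isAllow    = -not [bool]$Ace.Deny
        if ($isMachine -and $isExplicit -and $isAllow) {
            New-Object PSObject -Property @{
                User         = $user
                AccessRights = (@($Ace.AccessRights) -join ', ')
                Finding      = 'Explicit allow ACE for a machine account'
            }
        }
    }
}

# Hypothetical helper that builds constructed sample rows so the
# example runs without a domain.
function New-SampleAce($User, $IsInherited, $AccessRights) {
    New-Object PSObject -Property @{
        User         = $User
        Deny         = $false
        IsInherited  = $IsInherited
        AccessRights = $AccessRights
    }
}

# Constructed sample modelled on the listing above; the AccessRights
# values are assumptions, not taken from the thread.
$sample = @(
    (New-SampleAce 'NT AUTHORITY\Authenticated Users'  $false @('ReadProperty')),
    (New-SampleAce 'DOMAIN\Exchange Servers'           $false @('ReadProperty', 'ListChildren')),
    (New-SampleAce 'DOMAIN\Exchange Trusted Subsystem' $false @('GenericAll')),
    (New-SampleAce 'DOMAIN\MAIL$'                      $false @('GenericAll')),
    (New-SampleAce 'DOMAIN\Domain Admins'              $true  @('GenericAll'))
)

# Only the DOMAIN\MAIL$ row is reported: it is a machine account with an
# explicit allow ACE. Group ACEs and inherited ACEs are skipped.
$sample | Find-ExplicitMachineAce | Format-List User, AccessRights, Finding
```
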
  • @Mihir, Created, let me restart the server,,
    Cheers,,, Vishal C. Kalal
    Tuesday, August 30, 2011 6:37 AM
  • Ok best of luck.

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 6:38 AM
  • Mihir, no luck Same error.....also getting this error something "

    Process w3wp.exe () (PID=5368). Failed to read property AdminDisplayName (System.String) to generate automatic constraints. LDAP attribute: adminDisplayName.

     
    Vishal C. Kalal
    Tuesday, August 30, 2011 6:48 AM
  • Any Update Mihir, Gulab & Martina??
    Vishal C. Kalal
    Tuesday, August 30, 2011 6:55 AM
  • Check this article:
    http://technet.microsoft.com/en-us/library/bb288907(EXCHG.80).aspx

    Specifically Verification portion of the article:


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 7:05 AM
  • Tuesday, August 30, 2011 7:06 AM
  • any update
    --------Abhi----------------- Exchange Specialist------------- ------------------ Please remember to click “Mark as Answer” on the post that helps you. This can be beneficial to other community members reading the thread.
    Tuesday, August 30, 2011 7:10 AM
  • One more thing I want you to check is, in Microsoft Exchange Security Object container in ADUC...Exchange Install Domain Servers...make sure  that you have your Exchange server added in Members. And in Members Of, make sure you have Exchange Server group listed.

    Post the update.


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 7:16 AM
  • Nothing like an issue on this....
    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:17 AM
  • @Vishal you wrote above

     I have modified Settings in ADSI Edit & rerun the setup & Mailbox Server is also installed.

    WHAT SETTING YOU HAVE MODIFIED ?

    You have a very strange issue; can you check ADSIEDIT and see if any changes you have made may restrict this service from starting?

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 7:35 AM
  • @Gulab, Groups are available in AD, but Microsoft Exchange System Objects is available in Domain Container not in ADUC...would you like to move that???
    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:38 AM
  • No, no need to move anything, Yes it's on the DC but you can add the snap ins and can use ADUC on exchange Server. Anyways.
    Check on the DC in ADUC and make sure these two things are there.

    Post the update.


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 7:40 AM
  • @Mihir,

    I have checked all the settings & I don't think that is the issue because I have followed some blogs of MS & according to that I have modified & reviewed the settings...

    I escalated the call to MS Support team for the same now waiting for their revert.


    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:41 AM
  • Exchange Domain Servers & Enterprise Server Groups are available in to ADUC...and mail server is part of both groups...
    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:43 AM
  • I didn't ask for EES and EDS, I asked for this:
    In ADUC... Microsoft Exchange Security Object container ...Exchange Install Domain Servers...make sure that you have your Exchange server added in Members. And in Members Of, make sure you have Exchange Server group listed.
    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 7:49 AM
  • @Mihir,

    I have checked all the settings & I don't think that is the issue because I have followed some blogs of MS & according to that I have modified & reviewed the settings...

    I escalated the call to MS Support team for the same now waiting for their revert.


    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008


    So please update the status after MS resolve this issue, which may help others.

    Thanks


    Mihir Nayak
    Tuesday, August 30, 2011 7:52 AM
  • Ya..that one is also there....
    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:53 AM
  • @Mihir,

    I have checked all the settings & I don't think that is the issue because I have followed some blogs of MS & according to that I have modified & reviewed the settings...

    I escalated the call to MS Support team for the same now waiting for their revert.


    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008


    Two hours of wait time, I am sure you will update the thread in 3-4 hours. :)

    Cheers,


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 7:54 AM
  • Martina or Mihir any update from your ends????
    Vishal C. Kalal | MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:57 AM
  • @Mihir,

    I have checked all the settings & I don't think that is the issue because I have followed some blogs of MS & according to that I have modified & reviewed the settings...

    I escalated the call to MS Support team for the same now waiting for their revert.


    Vishal C. Kalal MCITP: Exchange 2010-2007 | Windows Server 2008


    Two hours of wait time, I am sure you will update the thread in 3-4 hours. :)

    Cheers,


    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com

    Surely....if resolved:)
    Vishal C. Kalal | MCITP: Exchange 2010-2007 | Windows Server 2008
    Tuesday, August 30, 2011 7:59 AM
  • Hi Vishal C,

    Thanks for sharing the solution to your problem!
    It will be very helpful to others who might face the same problem.

    Please mark your last post as the Answer.


    Martina Miskovic
    Tuesday, August 30, 2011 4:36 PM
  • Thanks for the update and sharing the resolution.
    Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com
    Tuesday, August 30, 2011 4:37 PM