LsaOpenPolicy returned error 1722

  • Question

  • A new Exchange 2003 server was added to the environment. When I ran policytest I got this result, "LsaOpenPolicy returned error 1722", from different AD sites.

    The server is in Enterprise and domain Exchange servers.

    When I asked the Windows guys about the topology, they told me that the site where this server is can communicate only with the other site where the other Exchange servers are located. Please, is this considered a topology limitation? From the client side there should be no problem, clients can initiate a connection to this server; I guess that is enough for client/server.

    My question: could this configuration of the network topology cause problems for Exchange?

    Also, does this Exchange server need to initialize a connection to clients/DCs, or is the initialization of the connection on the client/DC side enough?

    Thanks in advance 

    Monday, October 22, 2012 9:43 AM

All replies

  • On Mon, 22 Oct 2012 09:43:12 +0000, X-Changer wrote:
     
    >
    >
    >A new Exchange 2003 server was added to the environment. When I ran policytest I got this result, "LsaOpenPolicy returned error 1722", from different AD sites.
    >
    >The server is in Enterprise and domain Exchange servers.
    >
    >When I asked the Windows guys about the topology, they told me that the site where this server is can communicate only with the other site where the other Exchange servers are located. Please, is this considered a topology limitation? From the client side there should be no problem, clients can initiate a connection to this server; I guess that is enough for client/server.
     
    How will Exchange be able to get information from the DCs in the other
    sites? Not all the information is present in the GC.
     
    >My question: could this configuration of the network topology cause problems for Exchange?
     
    What does the Exchange Best Practices Analyzer have to say about it?
     
    >Also, does this Exchange server need to initialize a connection to clients/DCs, or is the initialization of the connection on the client/DC side enough?
     
    If information is needed from a DC (because it isn't present in the
    GC) then a connection will be necessary.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Monday, October 22, 2012 3:42 PM
  • Hello Rich,

    You are right, the GC won't have all the info!! I tested moving some test mailboxes to the new server; mail flow seems fine, OWA, etc.

    I am also trying to test BB but I don't have a device to test with, but that's another issue :(

    ExBPA didn't mention anything about the issue!

    Please, my question again: because this is a staging server for migration to Exchange 2007 in a different forest, should I worry about this topology in the near future?

    This AD mess I cannot control right now; I have to work around it.

    Thanks    

    • Marked as answer by X-Changer Monday, October 22, 2012 7:18 PM
    Monday, October 22, 2012 5:03 PM
  • On Mon, 22 Oct 2012 17:03:39 +0000, X-Changer wrote:
     
    >You are right, the GC won't have all the info!! I tested moving some test mailboxes to the new server; mail flow seems fine, OWA, etc.
    >
    >I am also trying to test BB but I don't have a device to test with, but that's another issue :(
    >
    >ExBPA didn't mention anything about the issue!
    >
    >Please, my question again: because this is a staging server for migration to Exchange 2007 in a different forest, should I worry about this topology in the near future?
    >
    >This AD mess I cannot control right now; I have to work around it.
     
    I can see problems with the design if there are mailboxes or
    mail-enabled objects in the inaccessible DCs, especially if the DCs are
    in different AD domains.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    • Marked as answer by X-Changer Monday, October 22, 2012 7:18 PM
    Monday, October 22, 2012 7:12 PM