Re: MSExchangeSA errors

From: dm <dmihalko@xxxxxxxxxxx>
Date: Thu, 21 Apr 2005 11:29:24 -0400

Actually i just thought of something... maybe i am removing and re-adding to the group too quickly. i should double check to make sure replication in AD occurs before i restart services.

just a thought...
-dustin

dm wrote:

Hi,

Well of course there are logon failures on the exchange server, but the only
one that is somewhat interesting is this:
===============================================
Logon Failure:
Reason: An unexpected error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
===============================================
These dont occur quite often at all... like 3 a day.
all the other ones are users trying to log into OWA or POP and just cant
type i guess.

The default domain policy for user rights was not defined, so i figured it
would be a good thing to do that.  As for the local policy, the following
users are in there...
==========================
servername\aspnet
servername\iuser_servername
servername\iwam_servername
everyone
users
power users
backup operators
administrators
==========================
but this doesnt really matter, because domain policies override local
policies.

ill refresh the policy, remove from the Domain Exchange Servers, and restart
the services later this evening and will keep you posted.

Thanks,
-Dustin


"Nagendra Sitharamaiah [MSFT]" <nagsi@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:u%23EZBedRFHA.1528@xxxxxxxxxxxxxxxxxxxxxxx

Hello,
Please check if there are some Logon Failure auditing events in the


security

log. The event you are looking for would be as shown below:
=============================================
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
User:  NT AUTHORITY\SYSTEM
Description:
Logon Failure:
Reason: The user has not been granted the requested logon type at this
machine
Domain:  <Domain name>
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: <Workstation name>
=============================================

If Logon/Logoff auditing is not turned on, do so by following the


procedure

mentioned in the following KB Article:

257225 IPsec troubleshooting in Microsoft Windows 2000 Server :
http://support.microsoft.com/?id=257225

If you see many 534 events like the one above, it means the "Access this
computer from teh network" rights has been restricted to a few


users/groups

in the Local Computer Policy or the Default Domain Policy. This right is

one

among the rights listed under "Local policies" \ "User Rights Assignment".
Ensure that this right is assigned to Authenticated Users.

Regards
--
Nagendra Sitharamaiah
MCSE, CCNA, MCT, CISSP
Microsoft
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
This posting is provided "AS IS" with no warranties, and confers no


rights.

Please do not send email to this address, post a reply to this newsgroup.

"dm" <dmihalko@xxxxxxxxxxx> wrote in message
news:OQxfTPcRFHA.252@xxxxxxxxxxxxxxxxxxxxxxx

Hi everyone. Im kinda getting frustrated with this. I am running


exchange

2003 sp1 and getting the following errors:
-Microsoft Exchange System Attendant failed to add the local computer as

member of the DS group object 'cn=Exchange Domain
Servers,cn=Users,dc=componentone,dc=com'.

Please stop all the Microsoft Exchange services, add the local computer
into the group manually and restart all the services.

-Microsoft Exchange System Attendant has detected that the local


computer

is not a member of group 'cn=Exchange Domain
Servers,cn=Users,dc=componentone,dc=com'. System Attendant is going to

add

the local computer into the group.

so after researching into it i have followed this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;271335


weird thing is... the error still comes back, no matter what i do.
- I removed and re-added to the Exchange Domain Servers security group.
- I restarted all exchange services.
- I rebooted
- I put it back into the original OU, restarted services.
- I removed and re-added to the Exchange Domain Servers security group.
- I rebooted

did this many times, and i just cant get rid of the error. everything
works fine, i just hate errors in my event logs.

anyone have any ideas?

References:
- MSExchangeSA errors
  - From: dm
- Re: MSExchangeSA errors
  - From: Nagendra Sitharamaiah [MSFT]
- Re: MSExchangeSA errors
  - From: dm

Prev by Date: Re: MSExchangeSA errors
Next by Date: Re: Exchange 5.5 disaster recovery
Previous by thread: Re: MSExchangeSA errors
Next by thread: Who posted on Public Folder
Index(es):
- Date
- Thread

Relevant Pages

Re: MSExchangeSA errors
... Well of course there are logon failures on the exchange server, ... > Please check if there are some Logon Failure auditing events in the ... > in the Local Computer Policy or the Default Domain Policy. ...
(microsoft.public.exchange.admin)
The user has not be granted the requested logon type at this machine
... Computer: <My Web Server> ... due to the following error: Logon failure: the user has not been granted the ... requested logon type at this computer. ...
(microsoft.public.inetserver.iis.security)
Security problem
... some security issues with the our exchange 2003 server only. ... If I remote desktop into the exchange server or login at the machine, ... Logon Failure: ... Caller User Name: EXCHANGE$ ...
(microsoft.public.exchange.admin)
Cant delegate/share to a group
... I am running Exchange 2000 SP3 on SBS 2000 on a network with one server box. ... The client operation failed". ... Successful Network Logon: ...
(microsoft.public.exchange2000.general)
Cant delegate/share to a group
... I am running Exchange 2000 SP3 on SBS 2000 on a network with one server box. ... The client operation failed". ... Successful Network Logon: ...
(microsoft.public.backoffice.smallbiz2000)