Manage Learn to apply best practices and optimize your operations.

Errors in DC Event Log when migrating from Exchange 5.5 to 2003

I get the following error in my DC Event Log every minute or so. I have a Win2000 domain trying to migrate from Exchange 5.5 in a NT domain to a Windows 2003/Exchange 2003 member server located in the Win2000 domain that has only 1 DC. I cannot figure out what is configured incorrectly or what permissions I do not have set correctly?

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Directory Service Access 
Event ID:	565
Date:		11/25/2003
Time:		9:55:14 AM
User:		DomainExchangeServer$
Computer:	DC Server
Object Open:
 	Object Server:	DS
 	Object Type:	configuration
 	Object Name:	CN=Configuration,DC=W2kDomain,DC=W2kDomain,DC=com
 	New Handle ID:	-
 	Operation ID:	{0,156763517}
 	Process ID:	396
 	Primary User Name:DCServer$
 	Primary Domain:	W2kDomain
 	Primary Logon ID:(0x0,0x3E7)
 	Client User Name:ExchangeServer$
 	Client Domain:	W2kDomain
 	Client Logon ID:(0x0,0x74AFF30)
 	Accesses	Control Access 
 	Privileges		-

	Manage Replication Topology
Thanks for any help you can provide.
This is a known problem with Exchange. The recipient update service (RUS) which is running on the member server points at the domain controller, which the RUS polls every minute.

When the RUS processes objects, it only processes the objects that have changed in the AD. The query that the RUS uses to find updated objects is server specific. i.e. if the RUS uses for example USNChanged>1000 on one DC, that query may not work properly on another DC. If the query doesn't work, then during failover the RUS will incorrectly skip processing some objects.

In the case where the DC fails, and the RUS needs to fail over, the RUS must be able to correct the query so that it can be issued against a different DC. To do that, the RUS must know the current domain controller's Replication Cursors. To know the Replication Cursors, the RUS needs Manage Replication Topology rights on the configuration naming context.

To resolve this problem, add the add the Exchange 2000 member server computer account to the configuration naming contect (ie "CN=Configuration,DC=Domain,DC=com") using ADSI edit and also assign the right "Manage replication topology rights"

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.