Process (PID=). Exchange Server does not have Audit Security Privilege on Domain Controller . This Domain Controller will not be used by DSAccess.

Details
Product: Exchange
Event ID: 2112
Source: MSExchangeDSAccess
Version: 6.5.6940.0
Component: Microsoft Exchange Directory Access Service
Message: Process <process name> (PID=<process id>). Exchange Server <server name> does not have Audit Security Privilege on Domain Controller <server name>. This Domain Controller will not be used by DSAccess.
   
Explanation

The Exchange server specified in the event text does not have the Audit Security Privilege on the domain controller specified in the event. DSAccess will not use that domain controller until this is remedied. Possible causes include:

  • Exchange setup has not completed the “domain prep” stage for this domain, or the Recipient Update Service is not configured in this domain.
  • A permissions modification was made that caused the Exchange server to lose its permissions in Active Directory.
  • The Audit Security Privilege was lost.
   
User Action

If you have not run “domain prep” or RUS is not configured in the domain, do so. Otherwise run the utility “policytest.exe” that is located in the “Support” folder on the Microsoft Exchange CD. It will produce a list of domain controllers and will report the presence or absence of the required privilege.

If the privilege is lost, repeat the “”domain prep” step. If the privilege is found on all domain controllers, try to find out what happened to the permissions. Make sure that the Microsoft Exchange server is still a member of the “Exchange Domain Servers” group, and that group is a member of “Exchange Enterprise Servers” group. Also make sure that the group permissions are inherited by the Microsoft Exchange computer account.

A successful remedy can be confirmed by turning up DSAccess logging to at least level 1 and looking for the DSAccess 2113 event.

For more information on Security Privilege issues and the policytest.exe tool, see Microsoft Knowledge Base article 314294, XADM: Exchange 2000 Error Messages Are Generated Because of SeSecurityPrivilege Right and Policytest Issues.

Related:

Leave a Reply