After you install Exchange Server, the following event may be logged in the application event log:
Event Type: Error
Event Source: MSExchangeMU
Event Category: General
Event ID: 1029
Description: Failed to replicate the security descriptor to the metabase. Users may not be able to read or write data to the metabase. Error code is 8000500d.
This behavior can occur because the Exchange Enterprise Servers security group does not have Manage auditing and security logs permissions.
To resolve this behavior, run setup /domainprep, and then use the Policytest utility (Policytest.exe) that is provided on the Exchange Server CD to verify that the permissions are set. Also, use the Local Security Policy tool in the Administrative Tools group to verify that the Exchange Enterprise Servers security group has the Manage auditing and security logs right. Make sure the Exchange Enterprise Servers security group has an Effective Policy setting. To do so:
1. In the Local Security Policy tool, click to expand Local Policies.
2. Click to expand User Rights Assignment, and then double-click Manage auditing and security logs.
3. Make sure that the Effective Policy Setting check box is selected for the Exchange Enterprise Servers security group.
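The same verification can be scripted. The following is an added example, not part of the original article or the management pack: it exports the user rights from the local security policy with secedit, checks whether the Exchange Enterprise Servers group holds SeSecurityPrivilege (the internal name of the Manage auditing and security logs right), and counts MSExchangeMU 1029 events. It assumes an elevated Windows PowerShell 2.0 or later session on the Exchange server; the function name Get-UserRightHolders is hypothetical.

```powershell
# Added example. Assumptions: elevated Windows PowerShell 2.0+ on the Exchange server.
# SeSecurityPrivilege is the internal name of "Manage auditing and security logs".
$GroupName = 'Exchange Enterprise Servers'
$Privilege = 'SeSecurityPrivilege'

function Get-UserRightHolders {
    param([string]$Privilege)
    $cfg = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user rights area of the security policy to an INF file.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
        $line = Get-Content $cfg | Where-Object { $_ -match "^\s*$Privilege\s*=" }
        if (-not $line) { return }   # the right is assigned to no one
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if ($entry.StartsWith('*')) {
                # Entries prefixed with * are SIDs; resolve them to account names.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }   # unresolvable SID: report it raw
            } else {
                $entry                 # already an account name
            }
        }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$holders  = @(Get-UserRightHolders -Privilege $Privilege)
# Match either the bare group name or DOMAIN\group name.
$hasRight = [bool]($holders | Where-Object { $_ -eq $GroupName -or $_ -like "*\$GroupName" })

# Same criteria as the monitoring rule: Application log, source MSExchangeMU, event 1029.
$events = @(Get-EventLog -LogName Application -Source MSExchangeMU -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 1029 })

New-Object PSObject -Property @{
    Group          = $GroupName
    HoldsRight     = $hasRight
    Holders        = $holders -join '; '
    Event1029Count = $events.Count
    LastEvent1029  = $(if ($events.Count) { $events[0].TimeGenerated } else { $null })
}
```

If HoldsRight is False while Event1029Count is greater than zero, the result matches the cause described above.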
For more information about MSExchangeMU event 1029, see:
Property | Value |
---|---|
Target | Microsoft.Exchange.ExchangeComponent.SystemAttendant |
Category | EventCollection |
Enabled | True |
Event_ID | 1029 |
Event Source | MSExchangeMU |
Alert Generate | True |
Alert Severity | Warning |
Alert Priority | Normal |
Remotable | True |
Alert Message | |
Event Log | Application |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Failed_to_replicate_the_security_descriptor_to_the_metabase__Users_may_not_be_able_to_read_or_write_data_to_the_metabase" Enabled="onEssentialMonitoring" Target="Exch2003Core!Microsoft.Exchange.ExchangeComponent.SystemAttendant" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>.</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Channel</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Application</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>MSExchangeMU</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>1029</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="Failed_to_replicate_the_security_descriptor_to_the_metabase__Users_may_not_be_able_to_read_or_write_data_to_the_metabase.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>