This event indicates that the System Attendant does not have sufficient rights in Active Directory.
Sample Event:
Event Type: Warning
Event Source: MSExchangeSystem Attendant
Event Category: General
Event ID: 9157
Description: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to ensure that the computer account is a member of the Exchange Domain Servers security group.
Causes:
- The Organization object in Active Directory has permissions inheritance turned off.
- The domain suffix of the server does not match the Active Directory domain name.
- The computer account for the Exchange Server computer has been deleted, lost, or does not have Full Control permissions to the Exchange Server computer object in Active Directory.
- The Exchange Server computer might not be a member of the Exchange Domain Servers and Exchange Enterprise Servers groups.
- One or more of the Exchange Enterprise Servers and Exchange Domain Servers groups are not in the USERS container. They may have been moved out of this container, or renamed or deleted. Verify there are no previous 9188 MSExchangeSA events.
- The permissions set on Exchange Domain Servers might not be set up correctly.
Resolutions:
- Verify that the Organization object does not have permissions inheritance turned off.
- Verify that the domain suffix of the Exchange server matches the Active Directory domain name.
- Ensure that the computer account for the Exchange Server exists and has been given Full Control permissions to the Exchange Server object in Active Directory.
- Verify that the Exchange server is a member of the Exchange Domain Servers local group.
- Verify the Exchange Enterprise Servers and Exchange Domain Servers are in the USERS container.
To verify permissions set on Exchange Domain Servers:
1. Verify that the server is a member of the Exchange Domain Servers group.
2. Open ADSIEdit, and browse to the Microsoft Exchange Server object, which can be found by expanding the Configuration container, then expanding Services.
3. Get the properties on Microsoft Exchange.
4. Verify that the Exchange Domain Servers account is listed on the Security tab. If not, add this account.
5. Verify Exchange Domain Servers has Read checked for Allow permissions.
6. Verify that the checkbox to allow inheritable permissions at the bottom of the Security tab is checked.
7. Click the Advanced button.
8. Click the View/Edit button.
9. Make sure the Apply onto: drop down box is set to This object and all child objects.
10. Exchange Domain Servers should have the following permissions checked for Allow: List Contents, Read All Properties, and Read Permissions.
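The ADSIEdit checks above can also be read out in one pass. The following read-only PowerShell is an added example, not part of the original page or of the management pack; it assumes the object is named CN=Microsoft Exchange under CN=Services in the Configuration partition and that the group keeps the name used on this page.

```powershell
# Added example (read-only): reports the ACL state that the steps above
# inspect by hand in ADSIEdit. Nothing is modified.
$groupName = 'Exchange Domain Servers'   # group name as given on this page

# Locate CN=Microsoft Exchange,CN=Services in the Configuration partition.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.configurationNamingContext
$exchange = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"
$acl      = $exchange.psbase.ObjectSecurity

# List Contents, Read All Properties, Read Permissions as directory rights.
$required = [int][System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadProperty, ReadControl'

# All ACEs (explicit and inherited) whose trustee is the group.
$rules = @($acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object { $_.IdentityReference.Value -like "*\$groupName" })

# Accumulate rights from Allow ACEs that cover all properties and apply to
# "This object and all child objects" (InheritanceType All).
$allowed = 0
foreach ($rule in $rules) {
    if ($rule.AccessControlType -eq 'Allow' -and
        $rule.ObjectType -eq [Guid]::Empty -and
        $rule.InheritanceType -eq 'All') {
        $allowed = $allowed -bor [int]$rule.ActiveDirectoryRights
    }
}
$missing = $required -band (-bnot $allowed)

[pscustomobject]@{
    Object             = [string]$exchange.distinguishedName
    # True means "allow inheritable permissions" is unchecked on this object.
    InheritanceBlocked = $acl.AreAccessRulesProtected
    GroupAceCount      = $rules.Count
    DenyAceCount       = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
    # 0 means all three required Allow rights are present.
    MissingAllowRights = [System.DirectoryServices.ActiveDirectoryRights]$missing
}
```

A healthy result shows `InheritanceBlocked` as False, a non-zero `GroupAceCount`, and `MissingAllowRights` as 0; any Deny ACE for the group should be reviewed because it can override the Allow entries.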
For more information about MSExchangeSA event 9157, see:
Target | Microsoft.Exchange.ExchangeComponent.SystemAttendant |
Category | EventCollection |
Enabled | True |
Event_ID | 9157 |
Event Source | MSExchangeSA |
Alert Generate | True |
Alert Severity | Error |
Alert Priority | Normal |
Remotable | True |
Alert Message | |
Event Log | Application |

ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft_Exchange_System_Attendant_does_not_have_sufficient_rights_to_read_Exchange_configuration_objects_in_Active_Directory__System_attendant_will_try_again_in_approximately_one_minute" Enabled="onEssentialMonitoring" Target="Exch2003Core!Microsoft.Exchange.ExchangeComponent.SystemAttendant" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>.</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Channel</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Application</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>MSExchangeSA</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>9157</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>2</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="Microsoft_Exchange_System_Attendant_does_not_have_sufficient_rights_to_read_Exchange_configuration_objects_in_Active_Directory__System_attendant_will_try_again_in_approximately_one_minute.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>