Could not read the Security Descriptor from the Exchange Server object
Topic Last Modified: 2007-11-16
The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.
To learn more about this event, do one or more of the following:
Review the description of the event that includes the variables specific to your environment. From the Operator Console, select this alert, and then click the Properties tab.
Review all events that have been logged that meet the criteria of this Operations Manager alert. From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.
Details
Product Name |
Exchange |
Product Version |
8.0 (Exchange Server 2007) |
Event ID |
8365 |
Event Source |
MSExchangeAL |
Alert Type |
Critical Error |
MOM Rule Path |
Microsoft Exchange Server/Exchange 2007/Mailbox/System Attendant |
MOM Rule Name |
Could not read the Security Descriptor from the Exchange Server object. The Proxy Address Calculation RPC interface will not be available on the local Exchange Server. |
Explanation
This Error event indicates that the security descriptor for Microsoft Exchange with globally unique identifier (GUID) %1 could not be read from the Active Directory directory service. This server will not be able to calculate proxy addresses for new mailboxes added to the server. This error is usually encountered when the Exchange server is not a member of the Exchange Servers group in the Microsoft Exchange Security Groups in Active Directory or Active Directory replication latency is causing the discrepancy in group membership.
User Action
To resolve this error, do one or more of the following:
Review the System and Application event logs for related events. For example, events that occur immediately before and after this event may provide more information about the root cause of this error.
Open an Exchange Command Shell and execute the following command:
Get-ExchangeServer | fl name,guid (where name is the Exchange server name and guid is the GUID)
This command will match the GUID to the Exchange server name.
Verify that the Exchange server is a member of the Exchange Servers group.
If the Exchange server is a member of the Exchange Servers group, have the domain administrators verify that Active Directory replication is current in the Microsoft Windows site.
If Active Directory replication is up to date, run the tools that Exchange offers to help administrators analyze and troubleshoot their Exchange environment. Open the Toolbox node of the Exchange Management Console to run these tools.
If you cannot resolve this error, or you experience other problems or mail flow interruptions in your Exchange environment after trying to resolve this error, contact Microsoft Product Support. For information about contacting support, visit the Contact Us page of the Microsoft Help and Support Web site.
For More Information
To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.
To review Exchange 2007 event message articles that may not be represented by Exchange 2007 alerts, see the Events and Errors Message Center.
If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.