The 'Manage auditing and security log' permission is removed from the Exchange Servers group on one or more domain controllers
Applies to: Operations Manager Management Pack for Exchange 2010
Topic Last Modified: 2011-11-01
The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.
To learn more about this alert, in Operations Manager, do one or more of the following:
From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.
From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the logged events that meet the criteria of this Operations Manager alert.
Details
Product Name |
Exchange |
Product Version |
14.0 (Exchange 2010) |
Event ID |
6006 |
Event Source |
MSExchange SACL Watcher |
Category |
KHI |
Alert Type |
Warning |
Rule Path |
Microsoft Exchange Server/Exchange 2010/Common Components/Active Directory Access |
Rule Name |
The 'Manage auditing and security log' permission is removed from the Exchange Servers group on one or more domain controllers. |
Explanation
This Warning event indicates that the "Manage auditing and security log" permission (SeSecurityPrivilege) was removed from the Exchange Enterprise Servers group on some domain controllers or on all domain controllers. The Exchange Enterprise Servers group must have the "Manage auditing and security log" permission on all domain controllers in the domain.
User Action
For More Information
To resolve this problem, see Microsoft Knowledge Base article 896703, Issues that may occur when the "Manage auditing and security log" permission is removed from the Exchange Enterprise Servers group in Exchange 2000 Server.