A high number of ACL upgrade failures are occurring
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool queries the Win32_PerfRawData_MSExchangeIS_MSExchangeIS Microsoft Windows® Management Instrumentation (WMI) class to determine the current value of the ACLUpgradefailures key. The ACLUpgradefailures key represents the ACL Upgrade: failures performance counter under the MSExchangeIS performance object.
If the Exchange Server Analyzer finds that the value for the ACLUpgradefailures key is larger than 500, the Exchange Server Analyzer displays a warning.
This warning indicates that the Exchange server has reported many access control list (ACL) upgrade failures. Excessive ACL upgrade failures can cause severe performance problems that include random stops in the Information Store process (store.exe).
ACL upgrade failures can occur for a variety of reasons and are known to occur when the following conditions are true:
In a mixed mode Exchange organization, the Exchange Server version 5.5 consistency adjuster was not run before you implemented the Active Directory Connector (ADC) server. The Exchange Server 5.5 consistency adjuster removes orphaned ACLs.
Active Directory replication is not working correctly.
Active Directory Connector replication is not correctly replicating accounts over from Exchange Server 5.5 to Active Directory.
There was an incorrect migration of user accounts.
Review the Microsoft Knowledge Base article 812963, "Using the Ignore Zombie Users Registry Key" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=812963).
After you understand the implications of using the Ignore Zombie Users registry key, add the key at your own discretion.
Run the Exchange Server Analyzer or monitor the ACL Upgrade: failures performance counter to look for excessive ACL upgrade failures.