MSExchange ADAccess 2112
上一次修改主题: 2011-03-19
本文对特定 Exchange 事件进行了说明并提供了可能的解决方案。如果您在此处未找到所需内容,请尝试在 Exchange 2010 帮助中进行搜索。
Details
Product Name |
Exchange |
Product Version |
14.0 |
Event ID |
2112 |
Category |
Topology |
Symbolic Name |
DSC_EVENT_NO_SACL |
Message Text |
Process %1 (PID=%2). The Exchange computer %3 does not have Audit Security Privilege on the domain controller %4. This domain controller will not be used by Exchange Active Directory Provider. |
Explanation
This Warning event indicates that the Exchange server specified in the event description does not have the Audit Security Privilege on the domain controller specified in the event description. DSAccess will not use the domain controller specified in the event description until this warning is fixed. The possible causes of this event include the following:
A recent permissions change removed the rights required for the Exchange Security Group to enable DSAccess to communicate with Active Directory.
Exchange groups such as Exchange Servers and Exchange Enterprise Servers were moved out of default Users container.
User Action
To resolve this warning, do one of more of the following:
Run the policytest.exe utility. This utility is located in the \Setup\ServerRoles\Common folder on the Microsoft Exchange Server CD. The policytest.exe utility produces a list of domain controllers and reports the presence or absence of the required privilege on these domain controllers.
If policytest.exe reports that the required privileges are found on all domain controllers, review the System log on the domain controller to try to determine the root cause of this problem.
If the policytest.exe indicates that the required privileges are not present, do the following:
Open the Microsoft Management Console and add the Group Policy Management Editor snap-in. Then, click Browse and select Domain Controllers from the Domains, OUs and linked Group Policy Objects list. Click OK twice and then click Finish. Click OK to close the Add or Remove Snap-ins window.
In the console tree, expand Local Computer Policy, Windows Settings, Security Settings and Local Policies. Under Local Policies, click User Rights Assignments.
In the results pane, double-click Manage auditing and security log. Verify that the Exchange Servers group is listed.
Make sure that the Exchange server is still a member of the Exchange Domain Servers group.
Make sure that the group permissions are inherited by the Microsoft Exchange computer account.
For more information about Security Privilege issues and the policytest.exe tool, see Microsoft Knowledge Base article 314294, XADM: Exchange 2000 Error Messages Are Generated Because of SecurityPrivilege Right and Policytest Issues.
For More Information
如果您尚未执行此操作,请考虑运行 Exchange 工具,已创建这些工具以帮助您分析 Exchange 环境并对其进行疑难解答。这些工具可帮助确保您的配置与 Microsoft 最佳实践保持一致。它们还可以帮助您识别和解决性能问题,并改进邮件流。若要运行这些工具,请转到 Exchange 管理控制台的“工具箱”节点。若要了解有关这些工具的详细信息,请参阅管理工具箱中的工具。