As per Microsoft: "This issue may occur if the Exchange Enterprise Servers security group does not have Manage auditing and security logs permissions on the domain controller. The Exchange Enterprise Servers group must have Manage auditing and security logs permissions on all the domain controllers in the domain". See ME328662
to fix this problem.
This issue may also occur if the Exchange server is not listed as a member of the Exchange Domain Servers group. See ME327844
for more details.
From a newsgroup post: "This issue seems related to the DSAccess of Exchange. MSExchangeDSAccess is the core component of Exchange, which detects the AD topology. DSAccess related issues are usually complex and time consuming, as it has multiple causes, such as AD problems, network problems or Exchange miss-configuration. Based on my research, I suggest you try the following steps to narrow down the issue:
Step 1: Verify DSN settings on Exchange.
On the Exchange 2003 server, run "ipconfig /all" command at the command prompt. Verify that the DNS server is correct.
Step 2: Verify the healthy of DCs/GCs.
1. Use LDP to connect to the DCs by port 389. LDP utility is included in Windows 2000/2003 supporting tools. To do this:
- Click Start -> Run, input ldp.exe and press Enter.
- Click Connection -> Connect.
- Type the server name of the domain controller that you want to connect to, and the port 389.
2. Repeat the same steps to use LDP to connect to the GCs at port 3289.
Step 3: Checking Service Principal Names (SPN) for LDAP.
1. Download the Setspn utility.
2. Run the setspn utility to list the registered Services Principal Names on the Exchange Virtual Server:
setspn -l <Exchange Virtual Server name>
3. Verity if you can see entries about Service Principal Names (SPN) for LDAP. If not, please continue with the following steps to register them manually:
setspn -a ldap/<Exchange Virtual Server name> <Exchange Virtual Server name>
setspn -a ldap/<Exchange Virtual Server name>.xxxxxx.local <Exchange Virtual Server name>
The format is much similar to the entries below which you can see by setspn –l <Exchange Virtual Server name> command.
exchangeMDB/<Exchange Virtual Server name>
exchangeMDB/<Exchange Virtual Server name>.xxxxxx.local
Step 4: Verifying DSAccess detection setting.
1. Start the Exchange System Manager.
2. Navigate to the Exchange 2003 server object, and open its Properties.
3. On the Directory Access tab, check if all the DCs/GCs are listed properly. Make sure the option "Automatically discover servers" is checked".
, and MSEX2K3DB
for additional information on this event.