Windows 2000 Native Mode, flat (single) domain, single site.
DC1 and DC2 are both Windows 2000 servers w/SP3 plus all current hotfixes. Until last Sunday (3/28), DC1 held all FSMO roles. Both DC1 and DC2 are GCs.
DC2 runs a service, under localsystem, that logs into an Exchange mailbox, which is explicitly set to allow "Domain Admins" to have "Full Mailbox Access".
Everything works fine.
Two Wednesdays ago (3/24), a Windows 2003 DC (DC3) was introduced into the mix. It was allowed to be there for five days to ensure no problems happened.
Last Sunday (3/28), all FSMO roles were moved to DC3.
This Wednesday (3/31) the service running on DC2 suddenly reports that it can't log into the Exchange mailbox anymore. After a restart it reports the same thing. After a reboot it reports the same thing.
It took changing the service account to a domain admin account for the service to start operating again.
Two questions:
1) Just WTF? :-)
2) Should I have expected that transferring FSMO roles would affect how permissions of localsystem on a DC were applied?
3) Why the 3 day delay?
(yeah yeah, I know that was three, not two, but the first one was really specious.)
Thanks,
Michael
