Going into "Advanced" on which folder exactly? "CN=Address Lists Container"?
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, 6 February 2006 22:38
To: [email protected]
Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Victor,

I will dare that your problem with /forestprep will be solved until you grant the right access for authenticated users. The user able to launch setup.exe /forestprep must be a member of enterprise and schema admins *AND* also a member of authenticated users. But authenticated users are not present in your ACLs, so the setup could not find ANY lists, which is probably what is mentioned by "...Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children..."

So, what I would suggest you do is:

1) "Did you go into "Advanced" and ensure that "Allow inheritable..." is checked?" as Michael B. Smith stated earlier. If not, then check it.
2) If that does not resolve your problem, use at /interactive with the dsacls switch as stated in the MS KB, in order to grant authenticated users the right ACEs on your lists.
3) Then check if an authenticated user *CAN SEE* the GAL + all address lists.
4) If it's OK, launch the setup /forestprep command with a user
   -> that has full admin exchange at the org. level,
   -> that is a member of the enterprise + schema groups.
5) If that works, launch setup /domainprep.
6) At last, check if the system attendant is working fine for 10-15 min.
7) If that works, you won !!!

Yann
_____
From: [EMAIL PROTECTED] on behalf of Victor W.
Date: Mon 06/02/2006 21:58
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

I am going to try that, nice one. I am still puzzled why I cannot run forestprep. Can anybody tell me what I have to do to be able to run forestprep without any errors?
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, 6 February 2006 20:53
To: [email protected]
Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Yes.

1) Go to start -> execute and type cmd.exe
2) Then you will have to type this command: "at <your_local_time + 1mn> /interactive cmd.exe" (without quotes).
   Example: if your local time is 20:05, then you will type "at 20:06 /interactive cmd.exe"
   This will open another instance of cmd.exe 1 min after your local time. This second instance of cmd.exe is running under the local system account; type whoami and you will see it.
3) At the second instance of cmd.exe, launch ESM [1] or type

   DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO

[1]: after reading the whole KB, I will use the dsacls command suggested by the KB because the command will do the job for you by resetting the good ACEs for Authenticated Users.

Yann
_____
From: [EMAIL PROTECTED] on behalf of Victor W.
Date: Mon 06/02/2006 20:05
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Okay, so you start ESM with local system properties. Does that mean you have to start ESM from that same command prompt window?
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, 6 February 2006 19:28
To: [email protected]
Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

To answer your question right: Yes. I use ESM instead of dsacls because I am used to granting ACLs with the GUI .... :o)

Yann
_____
From: [EMAIL PROTECTED] on behalf of Victor W.
Date: Mon 06/02/2006 16:48
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Thanks for your fast reply Yann! Do you mean to run the command which resets the permissions for the Authenticated users under local system privileges?

Cheers,
Victor
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, 6 February 2006 16:30
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Hi,

The only way to make your organization accessible again is to run the command under "Local System" privileges by passing this command in a command line window like this:

   c:\>at <time> /interactive cmd.exe
   Ex : c:\>at 12:00 /interactive cmd.exe

So at 12:00, a command prompt will appear with "Local System" privileges (type whoami to be sure).

Tip: if you connect to your server via RDP, the command will not be interactive and the command shell will not appear unless you activate the /console in your RDP connection. However, just open a session directly on your exchange server.

Now you can properly open ESM with "Local System" privileges, and give full access to a user at the organisation level. After regaining total access to your exchange organisation server, run a /forestprep and /domainprep for the System Attendant to be in a stable state.

Let us know if that works for you.

Regards,
Yann TIROA
Centre de Ressources Informatique.
Campus Scientifique de la DOUA.
Bât. Gabriel Lippmann - 2 ème étage - salle 238.
43, Bd du 11 Novembre 1918.
69622 Villeurbanne Cedex.
Web: www.univ-lyon1.fr
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.
Sent: Monday, 6 February 2006 16:05
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

I had the chance to look at the actual problem today, and below I will describe the problem and what I have tried to resolve it:

Problem: The All Address Lists container has disappeared from ESM, as well as the All Global Address Lists container. From within Outlook it is as if you can display the All Address List, but you are presented with an error message when you actually select it; the same error message is displayed when clicking "check name" when creating a new Outlook profile.

I know what happened, what has caused this: somebody had denied Everyone and Authenticated Users access to this list. I found an MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296

When I try this in a command prompt:

   DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com"

I get the following error message: "Object path is not valid, please correct it"

When I try this in a command prompt:

   DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO

I get the following error message: "The system cannot find the file specified".

From within Adsi Edit I can see in the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists". They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer

When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two, I get the message that there are other property sheets opened that need to close first.
It is as if the objects are visible but aren't really there any more.

As suggested, I tried running setup /forestprep, but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again".

I took the relevant piece from the Exchange Server Setup Progress Log:

"[09:30:39] Creating organization address books
[09:30:39] Entering CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs
[09:30:39] CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx: 1815) Error code 0X80071392 (5010): The object already exists.
[09:30:39] Leaving CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs
[09:30:39] CAtomOrgCtChildren::ScAddDSObjects (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx: 192) Error code 0X80071392 (5010): The object already exists.
[09:30:39] Leaving CAtomOrgCtChildren::ScAddDSObjects
[09:30:39] mode = 'ForestPrep' (61965) CBaseAtom::ScSetup (f:\titanium\admin\src\udog\setupbase\basecomp\baseatom.cxx:842) Error code 0X80071392 (5010): The object already exists.
[09:31:23] >>>>>>>>>> Setup encountered a fatal error during Microsoft Exchange Forest Preparation of ForestPrep component task. -- ID:62237 -- CBaseComponent::ScSetup (f:\titanium\admin\src\udog\exsetdata\components\forprep\compforprep.cxx:513 ) Error code 0X80071392 (5010): The object already exists.
[09:31:23] Entering CBaseComponent::SetSubtreeComponentsToFailWithErrorInSetup
[09:31:23] Leaving CBaseComponent::SetSubtreeComponentsToFailWithErrorInSetup
[09:31:23] CCompForestPrep::ScSetup"

I found an MS article that addresses the error 0x80071392 message, but I wonder if this is relevant for my case.
http://support.microsoft.com/default.aspx?scid=kb;en-us;296938

That article talks about domain prep, and domain prep runs just fine (I ran domain prep anyway but it doesn't resolve the problem). The article also talks about renaming the Exchange System Objects OU and the fact that renaming it isn't possible if the Objectclass attribute of that OU has the value msExchSystemObjectsContainer. Even though in my case the OU has indeed got an Objectclass attribute, I can rename it anyway. I tried renaming this OU and ran forestprep again, but still the same stop error. I wonder if I really renamed this OU; I mean I can right click it and rename it, but the article says that it isn't possible, so I was wondering if it had really been renamed. I tried to remove the value of the Objectclass attribute, but this gave me an error message telling me that this was an invalid operation, so I stopped there, not wanting to mess up anything.

The System State backup the firm has is one from last night, and the problem occurred a week ago, so restoring AD in that sense is unfortunately not an option.

I hope anybody can help me further with this. It should at least be possible to run forestprep, or perhaps there are even other suggestions about handling this problem.

Cheers and many thanks in advance,
Victor
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Friday, 3 February 2006 10:12
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Hi Victor,

I just had this issue last week ! The All Address Lists has disappeared from ESM !!! In fact "someone" (seen in the security event log of my DC) who has the full exchange admin on the organisation made an error and deleted the "All Address Lists", then he tried to recreate it but could not due to some replication issues, and a collision occurred !
So I wanted to confirm this by opening ADSIEDIT and going to "CN=LostAndFoundConfig,CN=Configuration,DC=mydomain,,DC=fr"; I saw that the list was there but suffixed with a CNF like this: "CN=All Address ListsCNF;feffgee....", same as all child lists and my personal address lists. So that tells that the lists were duped and, due to the replication issue, a collision occurred. So I deleted the duped lists, ran forestprep, and the "All Address Lists" appeared in ESM.

For your issue, you have also lost the GAL, so do not forget to:

1) check that the GAL is associated to the Offline GAL in ESM.
2) rebuild the Offline GAL.

One issue I had is for Outlook 2k3 in cache mode:

1) For those clients that are configured in cache mode (.ost and .oab), you must force your client to download the GAL + All Address Lists +GAL.
2) For those that are configured in cache mode (only .ost), you also must force the download of the GAL.

Hope that helps.

Yann
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.
Sent: Friday, 3 February 2006 09:11
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

Thanks Michael and Tony, I will try it and will let you know the outcome.
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, 3 February 2006 2:04
To: [email protected]
Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

As Tony said, if they are deleted and you need the specific contents back, an authoritative restore is your appropriate response.

If the defaults work for you, you might just try rerunning forestprep and domainprep, then touching each store setting the GAL for the store.

I have seen security changes make them "appear" to disappear.
adsiedit.msc is where you go to deal with that....(although, again, rerunning forestprep and domainprep will probably take care of it for you)
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.
Sent: Thursday, February 02, 2006 4:26 PM
To: [email protected]
Subject: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared

What if the containers mentioned in the subject title are 'suddenly' missing in ESM? I have not checked (via adsiedit) if they are still in the Config.Nam.Context because I just heard this and have not had the chance to actually look at it. If they are gone from the conf.nam.cont., how can I get these folders back, and what if they are visible there but not in ESM?

Any help is greatly appreciated.
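
The check described in the 3 February reply in this thread (looking under LostAndFoundConfig for address lists whose name carries a CNF suffix), as an added example that is not part of the original thread: it scans an LDIF export of the Configuration partition for replication-conflict objects, whose RDN Active Directory writes as `<name>\0ACNF:<GUID>`. The export itself, the function names and the sample entries (placeholder GUIDs) are assumptions constructed for illustration.

```python
import base64
import re

# A replication-conflict object keeps its name but gains a newline plus
# "CNF:<objectGUID>" in its RDN. In a DN string the newline is escaped as \0A.
# A raw newline is also accepted in case an exporter base64-encoded the DN.
CNF_RDN = re.compile(
    r"^CN=(?P<name>.*?)(?:\\0A|\n)CNF:(?P<guid>[0-9a-fA-F-]{36}),(?P<parent>.+)$"
)

def iter_dns(ldif_text):
    """Yield each entry DN, undoing LDIF line folding and 'dn::' base64."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # continuation lines start with one space
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]

def find_conflicts(ldif_text, scope="CN=Configuration,"):
    """Return (original name, conflict GUID, parent DN) for CNF objects under scope."""
    hits = []
    for dn in iter_dns(ldif_text):
        m = CNF_RDN.match(dn)
        if m and scope.lower() in m.group("parent").lower():
            hits.append((m.group("name"), m.group("guid"), m.group("parent")))
    return hits

# Constructed sample export (placeholder GUIDs; DC=Example,DC=com as used in the thread).
_B64_DN = base64.b64encode(
    ("CN=Default Global Address List\nCNF:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,"
     "CN=LostAndFoundConfig,CN=Configuration,DC=Example,DC=com").encode()
).decode()
SAMPLE_LDIF = (
    "dn: CN=All Address Lists,CN=Address Lists Container,CN=First Organization,"
    "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com\n"
    "objectClass: addressBookContainer\n\n"
    "dn: CN=All Address Lists\\0ACNF:11111111-2222-3333-4444-555555555555,CN=LostAndFou\n"
    " ndConfig,CN=Configuration,DC=Example,DC=com\n"
    "objectClass: addressBookContainer\n\n"
    "dn:: " + _B64_DN + "\n"
)

if __name__ == "__main__":
    for name, guid, parent in find_conflicts(SAMPLE_LDIF):
        print(f"conflict copy of {name!r} (CNF:{guid}) under {parent}")
```

A conflict copy sitting beside or instead of the live container is consistent with the "object already exists" failure in the setup log quoted in the thread, so it is worth ruling out before changing ACLs.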
