Friday, March 21, 2008

How To Attach Slate Fireplace To Wall

Event 9548: Attribute msExchMasterAccountSid

Event ID: 9548
Source:
MSExchangeIS Type: Warning
Description: Disabled user / O = Organization / OU = SiteName / CN = RECIPIENTS / CN = USER not does have a master account SID. Please use Active Directory MMC in September to an active account as this user's master account.

Summary: A disabled user has not configured msExchMasterAccountSid attribute and generates the 9548 event in the Event Viewer.

Resolution: The event indicates that Exchange can not determine the correct SID for a user it is looking for an attribute that is not already configured.

With the ACL permissions in Exchange 2000/2003, there are two possibilities to calculate the permissions, that is, if the account is disabled or not. If the account is enabled, the permissions are calculated with the attribute objects (or sIDHistory), and otherwise calculated msExchMasterAccountSid.

therefore eligible accounts should have never set msExchMasterAccountSid attribute, however the others do.

How do we know if the attribute is not set?
With ADSIEDIT for example, you can see "Not Set".

select a user not found problem, and adsiedit.msc console, deploy the domain portion to reach to a specific user, then open its properties and check that your attribute is not set.



For a user who has this problem, we should see the same until we put the permissions to the SELF user, then check that your attribute is set.
Instead of "Not Set", we should see something like 0x01 0x01 0x00 0x00 ...

as I said, the SELF user must have two licenses that are "Full Mailbox Access" and "Associated External Account", translated into English would be "Full Mailbox Access" and "Associated External Account".

This process can be performed automatically by Nomas tool ..



We generate a log that indicates the number of accounts that have been fixed, just what this tool does is add the license. Check

: We can see in some accounts that the SELF user has configured the permissions on the users that gave errors.



Steve RENARD

Exchange Support Specialist Web: http://www.steve86.com/
Blog: http://esteban86.blogspot.com/
Posted by admin at 6:27 PM 0 comments

* Tvcenter Pro Software

Event 11: KDC - DS_SERVICE_PRINCIPAL_NAME

Summary

: There are computer accounts that have the same attribute (ServicePrincipalName) and generates the event 11 in the event viewer.

Resolution: You need to search the Active Directory with collaboration tools by applying a filter on attribute ServicePrincipalName.

The message in the event viewer tells us that: "There are multiple accounts with name HOST \\ usuario.steve.local DS_SERVICE_PRINCIPAL_NAME type.

can search with LDP or LDIFDE, I prefer the second tool in Console, the syntax is:

C: \\ Documents and Settings \\ Steve \\ Desktop \\ ldifde-fc: \\ output.txt-d "dc = steve, dc = local" -T 3268-l servicePrincipalName

then have to write the value of the event (in this case, HOST \\ usuario.steve.local) and appears several times, then we must look at what the good and what is wrong.

How can you tell?

In this case, we can see two computers that are STEVE-STEVE-DC1 and DC2 and we realize that the same attribute HOST/STEVE-DC1.steve.local is present in the second machine, So there is no duplication and to edit it with the appropriate name.

A screenshot:



Care, must be eliminated (or rather edit) and then add the name of the machine. Check

: We can do a second search to verify that there is no duplication, we must continue looking at the Event Viewer to see if they go beyond, if necessary, will follow the above steps. Steve

RENARD

Exchange Support Specialist Web: http://www.steve86.com/
Blog: http://esteban86.blogspot.com/

Posted by admin at 4:30 PM 0 comments

Friday, March 7, 2008

Natural Information Re Alzheimers

Event 2000: BLACKBERRY "ERR_SUBMIT_MAIL"

Summary: A You may not send a mail from his BlackBerry and generates event ID 2000 in Event Viewer.

Resolution: A hotfix for Microsoft changes the behavior of the permission "Full Mailbox Access" (Full Mailbox Access), above, a user who had also provided that permit the permission "Send As" (Send As).

In my case, it is Exchange 2003 with Blackberry Enterprise Server 4.1

First, we need to check the event viewer BlackBerry filtering server events such Note (the value of ID is 2000).

steve.renard @ dominio.com} {Send () failed: ERR_SUBMIT_MAIL, Tag = 33002

In this case, we can look at the level of administrative group permissions, the default is the security tab but we can activate hidden in the Windows registry.

is needed to create a DWORD "ShowSecurityPage" value 1 in the following path:
HKEY_Current_User \\ Software \\ Microsoft \\ Exchange \\ ExAdmin

Then we looked to the BlackBerry user (usually is "besadmin") has permission to send a message as another user, ie the "Send As".

By the way, we can verify that the user has access (Allow log on locally, log on as a service) in the console secpol.msc

There is also a tool SetSendAsPermission.exe "that can grant a user permission specifically, in our case besadmin:

Check

: We ask the user to send a new mail, you can also create a user profile besadmin and send on behalf of a user having this problem. Steve

RENARD

Exchange Support Specialist Web: http://www.steve86.com/
Blog: http://esteban86.blogspot.com/


Posted by admin at 5:45 PM 0 comments
Subscribe to: Comments (Atom)