Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Error: 50 (Insufficient Rights)

145 views
Skip to first unread message

HP

unread,
Jun 22, 2005, 2:41:02 PM6/22/05
to
Hi, my users cant log on to live with messenger 5.1, the error is:

Encountered an unrecognized error while processing users from a domain. This
error caused User Replicator to abort synchronization of this domain.
Synchronization will be retried for this domain. If this domain is not
enabled for Live Communications Server, then this warning can be ignored.

The ID of this error is: 30011

I need help, thaks

Bob Christian

unread,
Jun 22, 2005, 2:46:01 PM6/22/05
to
Can you explain a little about your forest and domain topology?
What version of LCS are you using?
Have you done a domain prep and a domain add, if this is a subordinate
domain?

Bob


"HP" <H...@discussions.microsoft.com> wrote in message
news:1408CBB7-91FD-4B76...@microsoft.com...

HP

unread,
Jun 22, 2005, 2:55:09 PM6/22/05
to
OK, i have one root domain only, on 2 servers
the version is Standar 2005
Yes, i had, in fact it was working, but suddenly it wasn´t

Thanks

Bob Christian

unread,
Jun 22, 2005, 4:41:25 PM6/22/05
to
Do you have any errors in the event logs on the LCS 2005 server?

Has anything changed with your infrastructure? Addition of servers,
firewall change, router upgrade, etc.

Bob
"HP" <H...@discussions.microsoft.com> wrote in message

news:82C0BB33-A90E-46EE...@microsoft.com...

Serkan Kutan [MSFT]

unread,
Jun 22, 2005, 7:41:49 PM6/22/05
to
This means that user replicator does not have the necessary rights. I am
pasting information that may help. This will be available in SP1 reference
guide.

. I see a User Replicator event talking about an unrecognized error while
processing users from a domain. How do I fix this problem?

First, determine if the domain listed in the event is one that you care
about. Since User Replicator defaults to a mode in which it queries all
domains for LCS 2005 enabled users, the listed domain may not be one in
which you expect or desire User Replicator to find LCS 2005 enabled users.
If you do not care about the domain in question, then either ignore the
event when it occurs, or specify a list of domains User Replicator should
poll and leave this domain out. Otherwise, this is a valid domain that User
Replicator is trying to pull users from and encountered an error. If the
event text does not give enough information to pinpoint the problem, the
first thing to examine is permissions. User Replicator requires the ability
to read set of attributes on a given user object such as

objectSid

telephoneNumber

mail

displayName

isDeleted

msRTCSIP-OriginatorSid

msRTCSIP-PrimaryUserAddress

msRTCSIP-PrimaryHomeServer

msRTCSIP-UserEnabled

msRTCSIP-FederationEnabled

msRTCSIP-InternetAccessEnabled

msRTCSIP-ArchivingEnabled

...

The account User Replicator runs under (a member of the RTCHSDomainServices
group) should have been given read permissions to all the user objects in
the domain in question as a part of enabling that domain for LCS 2005.
However, since Active Directory permissions are configurable, it is possible
to break the permissions User Replicator requires.

Testing Permissions:

A good way to test this is to run an Active Directory browsing tool (ldp.exe
or adsiedit.msc, for example) under the same account that rtcsrv.exe runs
under using the runas command. Use the tool to browse to the user/contact
object DN in question. You should be able to see all msRTCSIP-* attributes
if they are set. Whatever error/permission issue the tool encounters is the
same error that User Replicator would have encountered. If you resolve the
errors encountered by the tool, you will likely resolve the errors with User
Replicator. The problem usually is the result of some permission setup
specific to the customer. If Active Directory is in lock-down mode or
inheritance is disabled, see the "Deployment Guide" for details in adding
the extra permissions required.


Serkan
--


This posting is provided AS IS with no warranties, and confers no rights.
Please do not send e-mails to the sender directly; use the group address
instead.

"Bob Christian" <BobChr...@removethis.gmail.com> wrote in message
news:%23i5%23Br2dF...@TK2MSFTNGP15.phx.gbl...

HP

unread,
Jun 23, 2005, 11:29:08 AM6/23/05
to
It is working, thank you Serkan

My users can log on now

Thanks, bye!

"Serkan Kutan [MSFT]" wrote:

> This means that user replicator does not have the necessary rights. I am
> pasting information that may help. This will be available in SP1 reference
> guide.
>

> .. I see a User Replicator event talking about an unrecognized error while

> processing users from a domain. How do I fix this problem?
>
>
>
> First, determine if the domain listed in the event is one that you care
> about. Since User Replicator defaults to a mode in which it queries all
> domains for LCS 2005 enabled users, the listed domain may not be one in
> which you expect or desire User Replicator to find LCS 2005 enabled users.
> If you do not care about the domain in question, then either ignore the
> event when it occurs, or specify a list of domains User Replicator should
> poll and leave this domain out. Otherwise, this is a valid domain that User
> Replicator is trying to pull users from and encountered an error. If the
> event text does not give enough information to pinpoint the problem, the
> first thing to examine is permissions. User Replicator requires the ability
> to read set of attributes on a given user object such as
>
>
>
> objectSid
>
> telephoneNumber
>
> mail
>
> displayName
>
> isDeleted
>
> msRTCSIP-OriginatorSid
>
> msRTCSIP-PrimaryUserAddress
>
> msRTCSIP-PrimaryHomeServer
>
> msRTCSIP-UserEnabled
>
> msRTCSIP-FederationEnabled
>
> msRTCSIP-InternetAccessEnabled
>
> msRTCSIP-ArchivingEnabled
>

> ....

0 new messages