ID no: c10308a2 error message when you use the Active Directory Users and


Maniac

Feb 28, 2006, 8:12:47 AM
Hi all.
I still have a problem :(
"ID no: c10308a2" error message when you use the Active Directory Users and
Computers snap-in to remotely add or edit an e-mail address for a
mail-enabled user in Exchange Server 2003.

sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
did not help to achieve this goal.

Nuevo

Feb 28, 2006, 8:21:26 AM
Is this error from multiple machines? All XP I assume. Have you tried
reinstalling the Exchange Management tools?

Nue
"Maniac" <man...@remove.hotbox.ru> wrote in message
news:e28DtiGP...@TK2MSFTNGP10.phx.gbl...

Maniac

Feb 28, 2006, 8:33:17 AM
I tried reinstalling the tools; this did not help.
If I use an enterprise and full Exchange admin account on this workstation,
everything works correctly.
If I use a delegated admin account which has full control on the user
object, I get this problem.
I can't delegate more rights to this user. Before I installed SP1 on this
server, everything worked correctly.


"Nuevo" <imane...@gmail.com> wrote in message
news:OAiHlnGP...@TK2MSFTNGP11.phx.gbl...

Joe

Feb 28, 2006, 8:59:31 AM
I'm pretty sure Microsoft is aware of this problem - basically, when things
are updated to Windows 2003 SP1 there are some issues with people who are not
administrators, but have rights to create things in AD, managing e-mail
addresses. They had a KB article, 905809, that described the fix below, but
they pulled it, probably because it didn't really fix the issue. Keep searching
the online KB for c10308a2, something should be posted soon.

Joe

Nuevo

Feb 28, 2006, 10:51:46 AM
Did you apply a service pack or update to Exchange prior to this problem
starting?

Nue

"Joe" <J...@discussions.microsoft.com> wrote in message
news:38AE1154-AD95-43BA...@microsoft.com...

Joe

Feb 28, 2006, 11:22:49 AM
We started noticing the problem after completing the roll out of Windows 2003
SP1 on the Exchange Servers, that along with the text of the KB article
905809 (which you can't get anymore) has me pretty convinced that SP1 caused
the issue, but not 100%. A week or so after installing Windows 2003 SP1, we
started getting calls from some of those who have AD rights, but are not
administrators on the Exchange servers.

I sure hope they come up with something soon, right now, me and the other
engineer are stuck with making changes to proxy addresses, creating external
contacts, and so on.

If you want the text of that article, let me know.

Joe

Maniac

Mar 1, 2006, 2:10:27 AM
KB article 905809 is unavailable. Can you post the text of that article here?
Thanks.

"Joe" <J...@discussions.microsoft.com> wrote in message
news:002667D4-0A59-488E...@microsoft.com...

Maniac

Mar 1, 2006, 4:24:34 AM
I fixed this, thanks all!!! :)
"Maniac" <man...@remove.hotbox.ru> wrote in message
news:%232gR58P...@TK2MSFTNGP12.phx.gbl...

Joe

Mar 1, 2006, 10:40:27 AM
Article ID: 905809
Article Last Modified on 10/31/2005
________________________________________
APPLIES TO
• Microsoft Exchange Server 2003 Standard Edition
• Microsoft Exchange Server 2003 Enterprise Edition
________________________________________

SYMPTOMS
You are running Microsoft Exchange Server 2003 on a server that has
Microsoft Windows Server 2003 Service Pack 1 (SP1) installed. When you use
the Active Directory Users and Computers snap-in to remotely add or edit an
e-mail address for a mail-enabled user, you receive the following error
message.

An Exchange server could not be found in the domain. Check if the Microsoft
System Attendant service is running on the Exchange Server.
ID no: c10308a2
Microsoft Active Directory - Exchange Extension

Additionally, you receive this error message if the following conditions
are true:
• You remotely connect to Exchange Server 2003 by using Exchange System
Manager.
• The remote Exchange server does not have the local administrator identity.

CAUSE
This problem occurs if the following conditions are true:
• Users are delegated Exchange Server administrator roles.
• The users who are delegated Exchange Server administrator roles are not
members of the Domain Admins group or the Local Admins group on the Exchange
server.
Therefore, the users cannot log on to the Exchange server.

Windows Server 2003 SP1 limits the ability of users who are not
administrators to remotely access the Service Control Manager (SCM).
Therefore, Exchange System Manager or the Active Directory Users and
Computers snap-in cannot determine the Exchange Server services that are
running.

Note This problem does not occur if Windows Server 2003 SP1 is not installed
on the Exchange server.

WORKAROUND
To work around this problem, follow these steps.

Step 1: Use the Sc.exe tool to grant sufficient permissions to Authenticated
Users

Use version 5.2.3790.1830 of the Sc.exe tool that is located in the
%windir%\system32 folder. The Sc.exe tool restores the functionality that
lets you add or edit an e-mail address for a mail-enabled user on a computer
that is running Windows Server 2003 SP1. Run the Sc.exe tool, and then type
the following at a command prompt:

sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Note The permissions string is specified in Security Descriptor Definition
Language (SDDL).

The following permissions are granted after you run the command:
• Discretionary access control list (DACL)
  o Allow to Authenticated Users: SDDL_CREATE_CHILD, SDDL_LIST_CHILDREN,
    SDDL_READ_PROPERTY, SDDL_READ_CONTROL
  o Allow to SYSTEM: SDDL_CREATE_CHILD, SDDL_LIST_CHILDREN,
    SDDL_READ_PROPERTY, SDDL_WRITE_PROPERTY, SDDL_READ_CONTROL
  o Allow to Built-in Administrators: SDDL_KEY_ALL
• System access control list (SACL)
  o Audit activities of the Everyone group: SDDL_AUDIT_FAILURE, SDDL_KEY_ALL
  o Audit activities of the Everyone group: SDDL_INHERIT_ONLY,
    SDDL_OBJECT_INHERIT, SDDL_AUDIT_FAILURE SDDL_GENERIC_ALL WD

Step 2: Add Read and Write permissions to the user account

To add Read and Write permissions to the user account that was delegated on
the Microsoft Exchange System Attendant service, follow these steps:
1. On the Exchange server, start the Active Directory Users and Computers
snap-in.
2. Right-click the name of the domain, and then click Properties.
3. Click the Group Policy tab, click Default Domain Policy, and then click
Edit to open Group Policy Object Editor.
4. Expand Computer Configuration, expand Windows Settings, expand Security
Settings, and then expand System Services.
5. Right-click the Microsoft Exchange System Attendant service, and then
click Properties.
6. Click to select the Define this policy setting check box, and then click
Edit Security.
7. Click Add, type username, click Check, and then click OK.
8. Click to select the Read check box and the Write check box.
9. Click OK two times, and then quit Group Policy Object Editor.
10. Click OK, and then quit the Active Directory Users and Computers snap-in.

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products
that are listed in the "Applies to" section.
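
Added example, not part of the thread or of the KB article: a Python sketch that decodes the SDDL string from the workaround into the rights it grants on the Service Control Manager object and reports any write-type right given to a non-admin SID. Function names are hypothetical, mask values are the Windows SDK constants, and only the two-letter right codes that occur in this string (plus DC, SW, SD, WD, WO) are handled.

```python
import re

# Constructed input: the SDDL string from the workaround's "sc sdset SCMANAGER" command.
SCM_SDDL = ("D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)"
            "S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)")

# SDDL right codes -> access-mask bits (Windows SDK values).
RIGHT_BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
              "WP": 0x20, "SD": 0x10000, "RC": 0x20000, "WD": 0x40000,
              "WO": 0x80000, "KA": 0xF003F, "GA": 0x10000000}

# What those bits mean on the Service Control Manager object.
SCM_RIGHTS = {0x1: "SC_MANAGER_CONNECT", 0x2: "SC_MANAGER_CREATE_SERVICE",
              0x4: "SC_MANAGER_ENUMERATE_SERVICE", 0x8: "SC_MANAGER_LOCK",
              0x10: "SC_MANAGER_QUERY_LOCK_STATUS",
              0x20: "SC_MANAGER_MODIFY_BOOT_CONFIG",
              0x10000: "DELETE", 0x20000: "READ_CONTROL",
              0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
              0x10000000: "GENERIC_ALL"}

# Bits that let a principal change the SCM or its security descriptor.
WRITE_MASK = 0x2 | 0x8 | 0x20 | 0x10000 | 0x40000 | 0x80000 | 0x10000000


def parse_acl(sddl, part):
    """Return [(ace_type, flags, mask, sid)] for the 'D' (DACL) or 'S' (SACL) part."""
    m = re.search(part + r":((?:\([^)]*\))+)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        # ACE layout: type;flags;rights;object_guid;inherit_object_guid;sid
        ace_type, flags, rights, _obj, _inh, sid = body.split(";")
        mask = 0
        for code in re.findall("..", rights):
            mask |= RIGHT_BITS[code]
        aces.append((ace_type, flags, mask, sid))
    return aces


def scm_rights(mask):
    """Names of the SCM rights set in mask, in ascending bit order."""
    return [name for bit, name in sorted(SCM_RIGHTS.items()) if mask & bit]


def non_admin_write_grants(sddl, trusted=("SY", "BA")):
    """Allow ACEs that hand write-type SCM rights to a SID outside `trusted`."""
    return [(sid, scm_rights(mask & WRITE_MASK))
            for ace_type, _flags, mask, sid in parse_acl(sddl, "D")
            if ace_type == "A" and sid not in trusted and mask & WRITE_MASK]
```

On the SCM object the CC code that the article lists as SDDL_CREATE_CHILD for Authenticated Users is SC_MANAGER_CONNECT; creating services would be DC, which this string does not give them, so `non_admin_write_grants(SCM_SDDL)` returns an empty list.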
