XADM: Recipient Update Service Stops Responding with Event ID 8022 (287137)
The information in this article applies to:
- Microsoft Exchange 2000 Server
This article was previously published under Q287137 SYMPTOMS The Exchange 2000 Server Recipient Update Service may stop
responding (hang), and the following event messages may be reported in the
application event log:
Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8022
Date: 8/16/2000
Time: 10:40:08 AM
User: N/A
Computer: COMPUTER1
Description:LDAP Modify on directory SERVER.DOMAIN.COM for entry 'GUID=
689EEE62CB08294993BD438752ACE1C0' was unsuccessful with
error:[0x32] Insufficient Rights [ 00002098: SecErr: DSID-031513C9,
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]. DC=DOMAIN,DC=COM
Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8270
Date: 8/16/2000
Time: 10:40:08 AM
User: N/A
Computer: COMPUTER1
Description:LDAP returned the error [32] Insufficient Rights when importing the transaction
dn: GUID=689EEE62CB08294993BD438752ACE1C0
changetype: Modify
msExchPoliciesIncluded:delete:{00EA60B8-FC3A-4753-B678-CCCACFEC5A4E},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}
msExchPoliciesIncluded:add:{8B158D05-590D-4EB3-B730-E2DF2B30D331},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}
nTSecurityDescriptor:01000490000000000000000000000000140000000400B40418000000050238001000000001000000...
msExchALObjectVersion:44
objectGUID:689EEE62CB08294993BD438752ACE1C0
-
DC=DOMAIN,DC=COM
Event Type: Warning
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8168
Date: 8/16/2000
Time: 10:40:08 AM
User: N/A
Computer: COMPUTER1
Description:Could not modify user/group: 'CN=HIDDEN DL NAME,OU=ORG,DC=DOMAIN,DC=COM'. DC=DOMAIN,DC=COM
CAUSEThis issue occurs because the Recipient Update Service
encounters a distribution list/distribution group that has its membership
hidden. When the Recipient Update Service encounters one of these distribution
lists, it logs an error in the Application event log, and then goes to sleep
for 30 minutes. After the 30 minutes have elapsed, the Recipient Update Service
tries to update the distribution group again.RESOLUTION To resolve this issue, give the Exchange Enterprise Servers
group the appropriate rights. To do this, follow these steps:
- Start the Active Directory Users and Computers
snap-in.
- Click View, and then ensure that the Advanced Features
check box is checked.
- Right-click the domain object and click Properties.
- Click the Security tab.
- In the Name box, click the Exchange Enterprise Servers group.
- Click the Advanced button.
- Scroll down and click the entry for the Exchange Enterprise
Servers group that has Special permissions which apply to group
objects.
- Click the View/Edit button.
- Locate the Modify Permissions attribute and click to select
the check box in the Allow column.
- Click OK until all the windows are closed.
STATUSMicrosoft has confirmed that
this is a problem in Microsoft Exchange 2000 Server.
MORE INFORMATIONThis issue occurs when the Recipient Update Service tries to
process a distribution list that has the hideDLMembership attribute set to True, but the security of the group has not been changed to reflect
the hidden membership setting. This may occur if the distribution list is
created by a tool such as AutoDL. In this case, the Recipient Update Service
tries to modify the security descriptor of the group, but it does not have
permission to do so. This issue does not occur if the distribution list was
created by using the Active Directory Connector or by using Active Directory
Users and Computers. In this case, the Active Directory Connector or the
administrator who is using Active Directory Users and Computers modifies the
security of the group object to make the membership hidden. The issue also does
not occur if the Recipient Update Service is running on a domain controller.
| Modification Type: | Minor | Last Reviewed: | 4/25/2005 |
|---|
| Keywords: | kbbug kbpending KB287137 |
|---|
|