Directory and Resource Administrator 7.0 SP1
Error: 'The security ID structure is invalid' generated when trying to set Exchange 2000/2003 mailbox security.
The following event is generated on the Administration server when trying to set Exchange 2000/2003 mailbox security:
Event Type: Failure Audit
Event Source: MCSAdminSvc
Event Category: UserSetInfo
Event ID: 16306
Time: 3:50:08 AM
ReturnCode: 0xc004392b:Error performing task: The security ID structure is invalid.
ID no: 80070539
Microsoft CDO for Exchange Management
Allow - ExFullControl,
Unset permissions -
When trying to look up the SID of an account, Directory and Resource Administrator (dra) is not clearing out the Error code if the account is not found in the cache. Starting in DRA 7.0, there was additional retry code added to convert accounts to SIDs if dra was unable to resolve them. However, dra first looks in the cache, then tries to do a LookupAccountSid if it is not found. If there is an account that is not in the cache (i.e. Everyone), the code returns an error even though LookupAccountSid worked, because dra does not reset the HR after looking in the cache.
This issue is addressed in NetIQ Directory and Resource Administrator and Exchange Administrator version 7.0 SP1 Hotfix 40782.
Hotfix 40782 resolves this issue by clearing out the HR prior to doing the LookupAccountSid if the account is not found in the Cache and corrects an issue in which allowing a user account access to the mailbox of another user account could result in an error and an application event containing the error: 'The security ID structure is invalid'.
Note: This Hotfix requires DRA version 7.0 SP1.
To download and install this Hotfix:
- Run the DRA70001_Hotfix40782.msi file on your Administration server computers.
This Hotfix modifies the X2KHelper.dll on Administration server computers. By default, these files are located in the Program Files\NetIQ\DRA folder.
For more information, please contact NetIQ Technical Support at www.netiq.com/support.