Unable to enable Exchange 2007 Support. (NETIQKB72061)

  • 7772061
  • 28-Jan-2010
  • 06-Jan-2012

Environment

Directory & Resource Administrator 8.x

Situation

Unable to enable Exchange 2007 Support.

Resolution

The following event will be generated once DCOM logging is enabled.

Severity: Error

Event ID: 10017

Source: COM

Category: None

The machine default permission settings do not grant local access permission to the COM server application C:\Program Files\NetIQ\DRA\DRAExchShell.exe to the user domain\serviceaccount {SID}. The security permission can be modified using the Component Services administrative tool

To resolve this issue:

  1. Add ?DRA service account? to GPO policy ?DCOM:Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) Syntax? and  give full privilege (Local Launch, Remote Launch, Local Activation, Remote Activation).
  2. Add ?DRA service account? to GPO policy DCOM:Machine Access Restrictions in Security Descriptor Definition Language (SDDL) Syntax and  give full privilege (Local Access, Remote Access).
  3. Copy the ?Customized? Security option ?MCS OnePoint Administration Service? to ?ExchShell?. DRA starts working fine once System is restarted.

Cause

This can occur when the following two GPO policies are enabled:

1.    DCOM:Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) Syntax
2.    DCOM:Machine Access Restrictions in Security Descriptor Definition Language (SDDL) Syntax

Note: Location of policy: (Group Policy object) Computer Configuration \Windows Settings \Local Policies \Security OptionsDCOM setting are proper for this customer, but due to GPO DCOM policy, DRA Exchange functionalities are not working.

In DRA 8.5 onwards Installer will configure DCOM settings. But somehow, the DCOM security settings for ?MCS OnePoint Administration Service? and ?ExchShell?.

?Customized? Security option for ?Launch and activation Permissions? and ?Access Permission? for the DRA component ?MCS OnePoint Administration Service? and ?ExchShell? is selected. Unfortunately ?Customized? Security option for ?ExchShell?, doesn?t have enough privileges.

Additional Information

Formerly known as NETIQKB72061