11-18-2008 01:53 AM
We have a 2008 resource forest with Exchange and EV in it and our account forest where our people live. EV has been in and running for around 2 months and Exchange is being rolled out as we are migrating from Notes. About half our UK users are now on Exchange (around 2500 people) and are configured to use EV.
Occassionally, EV would seem to lose contact with Exchange during a synchronisation and all our users would lose access to their vaults. The permissions within the vault would be blank and we would get the following in the vent log on the EV server:
Failed to list mailbox permissions whilst synchronizing due to a missing Active Directory attribute.
User: CN=aaaa,OU=UK,aaaaa=aaaa,DC=aaaaa,DC=aaaa
Attribute: msExchMailboxSecurityDescriptor
This permission is set correctly within AD. If you manually set the permissions then people can use EV quite happily.
What we found was that EV would usually right itself after a period of time, however, the permissions fell away around a week ago now and no-one has had access to their vaults in that time.
In the short-term I am looking at running a script to manually set the permissions for all users although this will take a fair amount of time to do and I would rather get to a point where the inherited permissions are doing what they are supposed to.
Any ideas?
11-19-2008 11:16 AM
Are both your resource forest and your account forest in 2008 native mode? Or are they 2008 running in 2003 compatibility mode?
As far as I know we don't support 2008 AD currently, so you could be running into issues purely due to incompatiblity?
11-20-2008 12:28 AM