cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Win2k3 SP1 on Exchange & Security Problem

Glenn_Martin
Level 6
Employee Accredited

‎11-21-2005 10:59 AM

Had a nice one this weekend which has led me to try and find out more about Win2k3 SP1.

First of all the story

We upgraded to Win2k3 SP1 on our Exchange servers this weekend, simple enough. Our EV server runs on Win2k3 without SP1 but we thought SP1 on Exchange seemed reasonable.

Well all was OK untill we restarted our Archive/Retrievel services and got a 3077 error which means that we couldn't start any of archive/retrievel services. we know before SP1 was put on Exchange that things worked OK and that our security rights model was correct.

The event text is as follows.

Unable to determine the version of the Exchange server ZSTS124012, the service will shut down
Reason: Access Denied

I then went over to the old EV events website just to see what it could tell me. This link might work or might ask you to logon (don't know how you get access to it)
http://evevent.veritas.com/EventShowResult.asp?EventNumber=3077

There's lots of info there but the footnote says the following.

This error may occur when starting a service that is connecting to a server running Windows 2003 Service Pack 1. As of 9th May 2005, Windows 2003 Service Pack 1 is not supported and is still being certified.
Contact your local support office for the latest information

Anyway, as an idea we added the service account to the Exchange local admin group and then we found we could start our EV services. I can't see why the service account needs these rights, obviously the Exchange rights are correct. We're awaiting a response from support about this problem but at least the workaround works but we just can't find any more supporting info about the Win2k SP1.

Anyone else had fun with SP1?

Thanks
Glenn
0 Kudos
4 REPLIES 4

David_Messeng1
Level 6

‎11-21-2005 12:44 PM

Glenn,

I *think* we had the problem in test and I *think* we solved it the same way as you but I also *think* it was before we had aplied SP1to anything.... so go figure :)

It's now part of our design to have the SA as a local admin on Exc servers (but not SQL).

The rest of the stuff in Rosetta looks about as useful as all the other stuff in Rosetta (d'you think we could get it renamed Redherringa?) and it's obvioulsy not been updated for 6.5 months!


David
0 Kudos

Aaron_Mears
Level 4
Employee Accredited Certified

‎11-21-2005 01:02 PM

SP1 is supported, with known issues.

http://seer.support.veritas.com/docs/276196.htm
0 Kudos

Tremaine
Level 6
Employee Certified

‎11-22-2005 12:18 AM

The problem in this particular instance is down to the tightening of security in W2k3 SP1. Essentially EV contacts the Service Control Manager to determine the exchange version on service startup.

MS became a bit more stricter in controlling the privilages required when querying the SCM with SP1.
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/service_security_and_access_rights.asp)

Apparently this is supposed to be fixed in V6 SP1 according to support (and I assume V5 SP6 for those still using V5)
0 Kudos

Glenn_Martin
Level 6
Employee Accredited

‎11-22-2005 02:05 AM

I think the last post from Ghost shows the probable cause, thanks for that. Though of course it defies belief that such a simple thing could be missed in the Symantec QA process. Ok, we also let this one slip past our own QA so we'll need to remember to keep vigelent when doing any Exchange server patches or SPs.

Also, just to clarify that this problem was caused by SP1 on the Exchange server and NOT SP1 on the EV server.
0 Kudos