Exchange 2003 on Windows 2003 get an error ID no: c10308a2

Asked By 20 points N/A Posted on -
qa-featured

Hi All,

Exchange 2003 on Windows 2003 get an error ID no: c10308a2

I get this error when i add or edit an email address for an mail enabled user account. Any help would be useful.

Microsoft Active Directory – Exchange Extension

                An Exchange Server could not be found in the domain.

                Check if the Microsoft System Attendant service is running on the Exchange Server.

                ID no: c10308a2

Microsoft Active Directory – Exchange Extension

Thanks to all in advance who read and try to help

SHARE
Answered By 0 points N/A #91305

Exchange 2003 on Windows 2003 get an error ID no: c10308a2

qa-featured

These problems started once the Exchange 2003 servers were updated to Windows 2003 SP1. Apparently, this has something to do with the services control manager and the DCOM/RPC security hardening that was done in Windows 2003 SP1. Here is a blog entry I read about this: Fun with changing E-Mail Addresses

I found very little data on the Internet about this, but I did find one thread that seemed to be relevant: Could NOT change mail address after Windows Server 2003 sp1

This article suggested running a program against the Windows 2003 server that would adjust the necessary permissions for the Distributed COM Users group. However, being a little uncomfortable with this solution, I wanted the "official" Microsoft, supported solution. Here is what PSS recommended.

Edit the Default Domain GPO, in the Services portion of the GPO, set the Microsoft Exchange System Attendant service to start automatically and then set Security on this service so that your groups that have been delegated Exchange View Only Admins permission will also have the "Read" and the "Write" permissions on this service. (You will need to edit the GPO from an Exchange server in order for the Exchange services to show up properly in the Services section of the GPO. I was not crazy about this solution and I'm still now sure why it is necessary to put this in the Default Domain GPO rather than a GPO that just applies to the Exchange Servers OU. However, I tried this by editing ONLY the GPO that applied to the Exchange Servers and it did not fix the problem.

In the middle of all this troubleshooting, Microsoft released KB 905809: You receive an "ID no: c10308a2" error message when you use the Active Directory Users and Computers snap-in to remotely add or edit an e-mail address for a mail-enabled user in Exchange Server 2003.

The method that seems to have ended up fixing this is Method 1 in this KB article. Make sure that you have v5.2.3790.1830 of the SC.EXE utility. At the command prompt on each Exchange server, run:

sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Make sure you type this command in exactly, as the Security Descriptor Definition Language (SDDL) must be typed in exactly. You can also insert the name of the server into the SC command line and perform this task remotely.

Related Questions