Hello everyone, I have a dilema with the following event logged in our backend server Event Type:WarningEvent Source:MSExchangeALEvent Category:LDAP Operations Event ID:8033Date:10/17/2008Time:5:05:16 AMUser:N/AComputer:BACKENDSRVRDescription:LDAP search result on directory server.child.domain.net for entry '<GUID=F242F60A-FB45-453E-A135-526D2109C1E4>' was unsuccessful with error:[0xa] Referral [ 0000202B: RefErr: DSID-031006E0, data 0, 1 access pointsref 1: 'gc._msdcs.domain.net:3268']. DC=child,DC=domain,DC=net Emails are working find between our forest root domain and this child domain but we get this every hour. What is this telling me exactly and how canI go about troubleshooting?!?! SETUP: FE + BE, Server 2003 enterprise sp2, Exchange 2003 sp2 located on the forest root domain. forest root domain + 3 child domains, only getting this error on one of the child domains. All servers run onServer 2003 enterprise sp2 Thanks for the help. Ceez

Run the exbpa tool and please check what the report has to say. You can download the same from www.exbpa.com

Hi, This event indicates that the Lightweight Directory Access Protocol (LDAP) search for the named object was unsuccessful. 1. Please install ESM on a DC in the child domain and then apply the SP2 for Exchange Server 2003. 2. Please delete the Domain RUS, run setup /domainprep on both parent and child domain and recreate the domain RUS for the child domain. Besides, if the above steps do not helpyou,then you can enable Diagnostic Logging for MSExchangeAL and then look for more detail error information. 1. Open the Exchange System Manager and navigate through the console tree to: Administrative Groups -> your administrative group -> Servers-> your server. 2. Right click on the listing for the problem Exchange server, and select Properties. 3. Select the Diagnostic Logging tab. 4. Select the MSExchangeAL service from the Services column. Please set the logging level to maximum for LDAP Operations, Service Control and Address List Synchronization. 5. Then please go to the MSExchangeSA service and set its Proxy Generation category's logging level to maximum. 6. Restart the Exchange server to reset the Recipient Update Service. 7. After the server restarts, set the logging level back to "no logging categories." This will keep the logging process from overwhelming your Exchange server. Hope it helps. Xiu

@Xiu Zhang: Thanks for the post. I performed parts of the steps you suggested on friday. I started by removing the RUs of the child domain - ran domainprep on child domain DC (not forest root domain) - recreated the RUS. The errors stopped after performing those steps and new accounts are being stamped with email addresses. So RUS is working at this time. One thing I did notice on my RUS is that the Administrator account of this child domain is not listed on the security tab of the forest root domain or other child domain RUS. See screentshot "rus baftl.jpg". As you can see there's the root administrator account along with the other 2 child domains administrator account, the 3rd child "baftl" is missing from that list. I am not able to manually add it, I compared the other 2 child domains and when I go to advanced there are no check marks for any permission, so without any permissions set it automatically removes baftl\administrator. Hope I was able to explain that. Again, all seems to be working fine, but just noticed that security setting while troubleshooting the original issue. Thanks again for the help. ceez

Ok so after much digging around I found the solution to the missing permission. I opened ESM -> properties of domain and this child domain only had Full Controll | This object only. I mimicked my other 2 child domains which had Deny for Send As & Receive As |This object and subcontainer. Now in RUS I see the correct permissions and I created a test account at it created an email account incredibly fast. thanks, ceez