Hi,New Exchange 2007 SP1 server, joined to a single server Exchange 2003 organisation. Installed Exchange fine, connected to 2003, applied rollup, etc etc, migrated a test mailbox - all good.Server object was moved to another OU, reboot server, server hangs at applying computer settings. Can look at eventvwr and srvmgr remotely. The only way we were able to get the server to work was by adding it to the Domain Admins group!Without the server in the domain admins group, get a whole series of Exchange errors at boot:App log MSExchange ADAccess, 2501, The site monitor API was unable to verify the site name for this Exchange computer - Call=HrSearch Error code=80040a01. MSExchange ADAccess, 2114, Topology discovery failed, error 0x80040a02 MSExchangeIS, 1121, Error 0x96f connecting to the Microsoft Active Directory. MSExchange ADAccess, 2604, Process MSEXCHANGEADTOPOLOGY (PID=1464). When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object XXXMAIL2 - Error code=80040a01System Log The Microsoft Exchange Information Store service terminated with service-specific error 0 (0x0). Timeout (30000 milliseconds) waiting for the Microsoft Exchange Service Host service to connect. The Microsoft Exchange Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. All very strange! Boot the server into safe mode, disable Exchange services, boots fineChecked access to DCs - all goodChecked that no GP were affecting the security settings - all goodMoved the server back to the computer OU - still wont bootFixed the issue by adding the Exchange server to the Domain Admins group and restarting - booted straight away, Exchange works perfectly.Any suggestions on how to troubleshoot this issue - obviously don't want to leave the server as part of domain admins...ThanksNickBTW, server is not a DC

It certainly sounds like a permisison issue if being a member of the domain admins fixes the problem, and removing it from the group brings the problem back. So I did a couple of searches on the errors you reported. It looks like some people have had issues when the manage auditing and security logs permissions gets changed on the DCs. It's quite possible someone did this to you inbetween reboots, and that you only noticed it on the reboot. Here is an example of someone else having your issue and how they resolved it: http://forums.msexchange.org/m_1800430290/printable.htm When in doubt GPMC is your friend as it can show what the effective permissions are through the various GPOs. It could also not be defined in a GPO and someone just changed the local security policy. Here is a MSFT KB article on how to manually fix the issue: http://support.microsoft.com/kb/925825 This is all assuming this is what is causing your issue.

Hi Hotfix - thanks for your advice - managed to sort the issue.For anyone else reading this post with a similar issue.... Exchange Servers already had manage auditing and security logs permissions Added a GPO to OU to explicitly force the permission as per kb q925825 - issue still continued Reran setup.com /preparead - rebooted Issue resolvedthanksNick

You are most welcome.