JSI Tip 7746. Windows Messenger users cannot sign in to Microsoft Office Live Communications Server 2003?
February 11, 2004
Windows Messenger users cannot sign in to a Microsoft Office Live Communications Server 2003. The server's Application event log contains:
Event Source: Live Communications Active Directory Connector
Event Category: None
Event ID: 29
Date: MM/DD/YYYY
Time: HH:MM:SS
Event Type: Error
Computer:
Description: Encountered an unknown failure while attempting to process a user entry. The entry came from naming context DC=contoso,DC=com. This error has caused the replication cycle to fail. It will be retried.
Diagnostic information: User DN attribute value: CN=Guest,CN=Users,DC=contoso,DC=com Guid Active Directory attribute name: objectGUID Guid Active Directory attribute value: {A5E68767-26D9-4843-9B07-FDE285F87996} The error occurred while processing attribute isDeleted. The description of the error that occurred is: Decoding Error (hr=0x8007003b).
This behavior is symptomatic of the RTCHSDomainServices, RTCDomainServerAdmins, and RTCDomainUserAdmins groups having insufficient permissions to the user objects in Active Directory directory.
NOTE: If you removed permission inheritance from the domain container in Active Directory prior to installing the Live Communications Server, you will experience this behavior.
The minimum required permissions are:
Group name | Permission | Property name |
---|---|---|
RTCHSDomainServices | Read | RTCPropertySet |
RTCHSDomainServices | Read | RTCUserSearchPropertySet |
RTCDomainServerAdmins | Read | RTCPropertySet |
RTCDomainServerAdmins | Write | RTCPropertySet |
RTCDomainUserAdmins | Read | RTCPropertySet |
RTCDomainUserAdmins | Write | RTCPropertySet |
RTCDomainUserAdmins | Read | RTCUserSearchPropertySet |
RTCDomainUserAdmins | Write | RTCUserSearchPropertySet |
RTCDomainUserAdmins | Read | Public Information |
RTCDomainUserAdmins | Write | Public Information |
To resolve this behavior:
Start / Run / adsiedit.msc / OK, where ADSI Edit is installed from the SupportTools folder of the Windows Server 2003 CD.
Expand the domain controller name.
Right-click the container or OU where you want to assign permissions and press Properties.
Select the Security tab and press Advanced.
Press Add, type rtchsdomainservices, press Check Names, and press OK.
In the Permission Entry for box, select the Properties tab.
In the Apply onto list, press User objects.
In the Allow column, select the Read RTCPropertySet and Read RTCUserSearchPropertySet check boxes.
Press OK.
Press Add, type rtcdomainserveradmins, press Check Names, and press OK.
Select the Properties tab, press User objects in the Apply onto list, check the Allow boxes for Read RTCPropertySet and Write RTCPropertySet.
Press OK.
Press Add, type rtcdomainuseradmins, press Check Names, and press OK.
Select the Properties tab, press User objects in the Apply onto list, check the Allow boxes for Read Public Information, Write Public Information, Read RTCPropertySet, Write RTCPropertySet, Read RTCUserSearchPropertySet, and Write RTCUserSearchPropertySet.
Press OK, OK, and OK to close all dialog boxes.NOTE: Repeat the above for any other containers or OUs that contain Live Communications Server users.
Read more about:
MicrosoftAbout the Author
You May Also Like