Forum Discussion
Exchange 2016 Event 2159 ADAccess Validation Failed
We intermittently see event id 2159 generated on our Exchange 2016 Server (CU23 Jan23SU). They seem to have appeared sometime in the past month. We tend to see about 50-150 events per day.
We've experienced some intermittent issues with mail queuing which has required restarting the transport service and suspect these events might be related in some way.
I've set the logging level to Expert for MSExchange ADAccess\Validation but I'm not exactly sure what additional events this logging should generate.
The process is usually MSExchangeDelivery.exe, w3wp.exe, or MSExchangeFrontendTransport.exe. The objects that fail validation seem to usually be one of the database objects but I also see it looking for transport settings. The objects seem to be valid and can be located in ADSI Edit.
Event 2159 MsExchange ADAccess
Process w3wp.exe (FE_Eas) (PID=14124). Configuration object CN=DB2016-04,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=localdomain,DC=com read from dc01.localdomain.com failed validation and will be excluded from the result set. Set event logging level for Validation category to Expert to get additional events about each failure.
We've ran dcdiag against the domain controllers in our environment but don't see any issues. Any tips would be appreciated.
22 Replies
- We have had identity enabled on the DCs since we did a POC last October. Not really much to configure specific to identity except to allow it to monitor DC traffic or turn it off altogether. To have it actively block or do anything other than monitor you have to create rules which we have not done anything with yet.
- jlando This is whats made it so difficult to diagnose as March security patch came out just as our security team rolled out CS Identity Protection. @DrSchutt comment very helpful as our security team did not want to remove CS altogether and only put in exceptions.
We're still working with Microsoft over here.- We are experiencing the same exact issues. We are also running CS with the ITP module running the intergrated DC sensor.
Has anyone heard back from CS support or Microsoft on the root cause? I've since opened a support ticket with CS but still waiting on an anyalisys from them.
- Yes i am using CS identity protection
- We tried to do all the recommended exclusions on Exchange and that did not fix it. Then we removed it all together from Exchange as a test and that did not fix it either. Microsoft is saying it has something to do with the LDAP query fro EXCH to Domain controllers and some thing is changing the response. Our next step is to look at our CS install on our DC’s.
That database object is valid or is it perhaps a lingering object from an incomplete removal/uninstall or something, e.g.
Get-AdObject -Identity 'CN=DB2016-04,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=localdomain,DC=com'- I've examined the database objects I'm seeing these events for and they are our production mailbox DBs, we have 5 of them DB2016-01->05.
If I run Get-MailboxDatabase it lists those 5 DBs so in my case it doesn't appear that these are old/stale objects. I'm able to run Get-AdObject against each of them and it lines up with what I see in the Get-MailboxDatabase output.
I noticed that setting the logging level to expert also generates event ID 2161 which has a little bit of additional information, "Attribute: EdbFilePath. Error message: You must provide a value for this property.. Invalid data: ."
When I look at the DB objects in ADSIEdit there is no attribute EdbFilePath on any of the objects. They do have an attribute msExchEDBFile which points to the actual database. Is it expected that EdbFilePath doesn't exist? If so maybe this is just a weird bug in Exchange.- I am having the same issue. We have 4 2k19 Exchange Servers all in a DAG on Windows 2019 Server. About every day we are having to restart the transport services and we are also getting the Event ID 2159. I have a ticket open with MS. Has anyone fixed this issue as of yet?
