Sep 07 2020 03:53 AM
Hello,
For a while now I have been getting a warning every time I open a distribution group or mail-enabled security group in the on-prem admin center.
"The object removed has been corrupted or isn't compatible with Microsoft support requirements, and it's in an inconsistent state. The following validation errors happened:
The access control entry defines the ObjectType 'a8df73ef-c5ea-11d1-bbcb-0080c76670c0' that can't be resolved.."
As far as I can figure 'a8df73ef-c5ea-11d1-bbcb-0080c76670c0' referrs to the 'Employee Number' LDAP attribute, which a group object does not have?
It doesn't appear to cause any issues, but I would still like to fix the problem.
Anyone got any ideas to what might be causing this error? We are running Exchange 2016 CU16 in a hybrid environment.
Sep 07 2020 04:27 AM
Sep 07 2020 05:22 AM
@ChristianBergstrom
Thank you for the suggestion.
I ran "Get-Mailbox -monitoring" but found no errors there.
Sep 07 2020 05:44 AM - edited Sep 07 2020 05:48 AM
@Gly Hey, try this then :)
What I want to highlight is this.
1. Run the IISReset on all Exchange server.
2. If reset IIS does work, reboot all Exchange server and check the result.
Sep 07 2020 06:06 AM
@ChristianBergstrom
I have tried this earlier, both iis reset and reboot. I have also tried recycling the "MSExchangeECPAppPool" as suggested in the post.
Sep 07 2020 06:13 AM
@Gly I'm sure one of the Exchange experts will reply with a solution. At least we have narrowed it down then.
Sep 07 2020 06:17 AM
@Gly Btw, just saw this. Give it a try? https://www.azure365pro.com/exchange-control-panel-error-access-control-entry-not-resolved/
Sep 07 2020 06:41 AM
@ChristianBergstrom
I checked the Ad permissions for the domain now, and it's not yielding any errors either.
Sep 07 2020 11:07 AM
Have you considered re-running:
setup.exe /preparead
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-201...
Sep 08 2020 01:45 AM - edited Sep 08 2020 05:14 AM
@VickVega
I have not. I tried to verify the active directory versions now, and I see in ADSI that that the 'objectVersion' in the Configuration naminig context is <not set>. So you may be onto something. We wil try to update schema again next week.
Nov 13 2020 02:32 AM
@Gly did you find a fix, I have exactly the same warning messages when editing Distributons Groups in Ex2016 EAC?
Nov 13 2020 03:28 AM
@blozza77 No, I did not - sorry for not updating the post. Eventually we tried to update schema again, but it did not resolve the issue.
Jan 19 2023 02:40 AM
@MarcoLFrancisco no we never did, we just live with warning. It’s doesn’t appear to cause any issues, changes still apply to objects when you ignore the message.
I still think it’s a legacy schema object artefact somewhere. We’ve had exchange in our AD since version 5.x and retired many child domains.
Jan 19 2023 02:58 AM
Jan 20 2023 04:53 AM