FIM/GALSync Troubleshooting: Active directory response: 00002098: SecErr DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
OVERVIEW / PURPOSE / GOAL
The purpose of this wiki page is to share knowledge that we have learned in support. The goal of this page is to provide information on how to resolve another Event ID 6801 error message on an export to Microsoft Exchange 2010. This particular issue occurred in a GalSync solution, but can also be seen in an Active Directory Management Agent solution as well that exports to Microsoft Exchange 2010.
PROBLEM STATEMENT
You have a GalSync Solution that is exporting mail-enabled contacts to Microsoft Exchange 2010. You have some mail-enabled contacts that are exporting just fine, and others that are throwing a ma-extension-error, and creating duplicates in the Active Directory.
You review the Application Event Log and see that you have an Event ID: 6801. You investigate this Event ID: 6801 and find you are receiving an INSUFF_ACCESS_RIGHTS, as per the below picture.
CAUSE
The child domain controller was missing the SACL permissions.
One place you can identify these permissions, is via the Application Event Log on the Microsoft Exchange 2010 Server. The Application Event Log will have an Event ID: 2080 which is a Topology event.
RESOLUTION
On the Microsoft Exchange 2010 server, execute the following command:
Setup.com /Preparedomain:<childdomain>.<parentdomain>.com
To Prepare all domains
Setup.com /PrepareAllDomains