Error message 'The security ID structure is invalid' is generated when trying to set Exchange 2000/2 (NETIQKB40782)

  • 7740782
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.0 SP1

symptom
Error: 'The security ID structure is invalid' generated when trying to set Exchange 2000/2003 mailbox security. 

symptom

The following event is generated on the Administration server when trying to set Exchange 2000/2003 mailbox security:

Event Type: Failure Audit
Event Source: MCSAdminSvc
Event Category: UserSetInfo
Event ID: 16306
Date:  5/21/2004
Time:  3:50:08 AM
User: Username
Computer: dra_server
Description:
ReturnCode: 0xc004392b:Error performing task: The security ID structure is invalid.

Facility: Win32
ID no: 80070539
Microsoft CDO for Exchange Management
 
Action:  X2KSetMailboxRights
ObjectType: User
Target:  OnePoint://cn=TESTl,OU=Users,OU=Acme,DC=com
Operands: 
 Trustee: acme\test1
 Allow - ExFullControl,
 Deny -
 Unset permissions -
Policy:  <none>
Trigger:  <none>



cause
When trying to look up the SID of an account, Directory and Resource Administrator (dra) is not clearing out the Error code if the account is not found in the cache.  Starting in DRA 7.0, there was additional retry code added to convert accounts to SIDs if dra was unable to resolve them. However, dra first looks in the cache, then tries to do a LookupAccountSid if it is not found. If there is an account that is not in the cache (i.e. Everyone), the code returns an error even though LookupAccountSid worked, because dra does not reset the HR after looking in the cache. 

fix

This issue is addressed in NetIQ Directory and Resource Administrator and Exchange Administrator version 7.0 SP1 Hotfix 40782.

Hotfix 40782 resolves this issue by clearing out the HR prior to doing the LookupAccountSid if the account is not found in the Cache and corrects an issue in which allowing a user account access to the mailbox of another user account could result in an error and an application event containing the error: 'The security ID structure is invalid'. 

Note: This Hotfix requires DRA version 7.0 SP1.

To download and install this Hotfix: 

  1. Run the DRA70001_Hotfix40782.msi file on your Administration server computers. 

This Hotfix modifies the X2KHelper.dll on Administration server computers.  By default, these files are located in the Program Files\NetIQ\DRA folder.

For more information, please contact NetIQ Technical Support at www.netiq.com/support.



Additional Information

Formerly known as NETIQKB40782