Thursday, 2 April 2009

That Old SeSecurityPrivilege Error

I had an interesting problem the other day when installing a Hub Transport server. Basically, the installation failed with the classic error message of "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation". As it turned out, this error was also seen when running the Move-TransportDatabase.ps1 script provided by Microsoft and also when installing the Client Access Server role.

I ran the policytest.exe file that you can find in the \setup\serverroles\common folder from the Exchange 2007 source media. This program confirms whether the SeSecurityPrivilege right has been found on the domain controllers in the Active Directory site. This right is set on the Domain Controller Security Policy by the /PrepareDomain process. Specifically, the process grants the Manage Auditing and Security Log right. Policytest.exe confirmed that the right was present on all domain controllers.

I scratched my head for a while but it turned out that the Manage Auditing and Security Log right wasn't present on the local server's policy for the account that I was using to install the Exchange 2007 server. I added the right to my account via membership of a group and the installation proceeded just fine.

1 comment:

Ali said...

Thanks bro...I faced the same issue...Your article saved my a$$.