This access control list is not in canonical form / Exchange 2019 CU 12
since upgrading to CU12 my favorite error "This access control list is not in canonical form" is back again.
Deleting the deny rule for the exchange sub system doesnt helped this time.
any ideas about this?
i googled a lot, but cant identify what is not "canonical"...
Thanks for any help!
attached our "customer" OU.
On root level i see only two deny rules (exchange windows permissions + exchange servers).
there are no deny rules for the exchange subsystem nor in the root of the ad domain.
The only to two deny rules at root level were "Exchange Windows Permissions" and "Exchange Server".
Both added with CU12
i also deleted this two rules at root level and everyhing is working again.
But this should not be a final solution, its more a bad workaround.
i will investigate this with the next CU 13 further..
The issue will be fixed in the next release without the need to remove the deny permissions. There is already a pull request for this issue: https://github.com/FuseCP/SolidCP/issues/2