
This access control list is not in canonical form / Exchange 2019 CU 12

5 Posts
4 Users
0 Likes
308 Views
rickstinson
Posts: 17
Topic starter
(@rickstinson)
Active Member
Joined: 4 years ago

Hi...

Since upgrading to CU12, my favorite error "This access control list is not in canonical form" is back again.
Deleting the deny rule for the Exchange subsystem didn't help this time.

Any ideas about this?

I googled a lot, but can't identify what is not "canonical"...

Thanks for any help!
Patrick

4 Replies
rickstinson
Posts: 17
Topic starter
(@rickstinson)
Active Member
Joined: 4 years ago

Attached our "customer" OU.

At root level I see only two deny rules (Exchange Windows Permissions + Exchange Servers).

1 Reply
gflex
(@gflex)
Joined: 6 years ago

Eminent Member
Posts: 41

@rickstinson 

Check if the Exchange subsystem has any deny rules on the customer OU. If it does, remove them and it will work.

rickstinson
Posts: 17
Topic starter
(@rickstinson)
Active Member
Joined: 4 years ago

Hi,

There are no deny rules for the Exchange subsystem, nor in the root of the AD domain.
The only two deny rules at root level were "Exchange Windows Permissions" and "Exchange Server".

Both were added with CU12.

I also deleted these two rules at root level and everything is working again.
But this should not be a final solution; it's more of a bad workaround.

I will investigate this further with the next CU 13.

bogdan_k
Posts: 80
(@bogdan_k)
Member
Joined: 6 years ago

The issue will be fixed in the next release without the need to remove the deny permissions. There is already a pull request for this issue: https://github.com/FuseCP/SolidCP/issues/2

Best regards

Bogdan

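The thread never pins down which entry makes the list non-canonical. As an added example (not from the original posts and not SolidCP code), this PowerShell function walks a DACL given as SDDL and reports the first ACE that breaks the order Windows documents as canonical: explicit deny, explicit allow, then inherited entries. The function name and the sample SDDL strings are constructed for illustration.

```powershell
# Added example. Requires Windows (RawSecurityDescriptor parses SDDL via the Win32 API).
function Find-NonCanonicalAce {
    param([Parameter(Mandatory)][string]$Sddl)

    $sd     = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    $names  = 'explicit deny', 'explicit allow', 'inherited'
    $stage  = 0   # index into $names: the latest group seen so far
    $index  = 0

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Covers AccessDenied, AccessDeniedObject and the callback variants.
        $isDeny   = [string]$ace.AceType -like 'AccessDenied*'
        $aceStage = if ($ace.IsInherited) { 2 } elseif ($isDeny) { 0 } else { 1 }

        # An ACE from an earlier group appearing after a later group
        # is what makes the list non-canonical.
        if ($aceStage -lt $stage) {
            return [pscustomobject]@{
                Index     = $index
                AceType   = $ace.AceType
                Inherited = $ace.IsInherited
                Trustee   = $ace.SecurityIdentifier.Value
                Problem   = "$($names[$aceStage]) ACE found after $($names[$stage]) ACE"
            }
        }
        $stage = $aceStage
        $index++
    }
    return $null   # nothing out of order: the DACL is canonical
}

# Constructed sample DACLs (not taken from the thread).
# Deny Everyone delete/delete-tree first, then explicit allow, then inherited:
$canonical    = 'D:(D;;SDDT;;;WD)(A;;GA;;;SY)(A;CIID;GA;;;BA)'
# Same ACEs, but the explicit deny sits behind an explicit allow:
$nonCanonical = 'D:(A;;GA;;;SY)(D;;SDDT;;;WD)(A;CIID;GA;;;BA)'

Find-NonCanonicalAce -Sddl $canonical      # returns nothing
Find-NonCanonicalAce -Sddl $nonCanonical   # reports the ACE at index 1

# Against a live OU (needs the ActiveDirectory module; placeholder path):
# Find-NonCanonicalAce -Sddl (Get-Acl 'AD:\<distinguished name of the OU>').Sddl
```

The reported index and trustee SID identify the entry to look at before removing any deny rules.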