Microsoft KB Archive/935676

= Event ID 9317 is logged when the Microsoft Exchange System Attendant service comes online on an Exchange 2007 cluster node =

Article ID: 935676

Article Last Modified on 4/17/2007

-

APPLIES TO


 * Microsoft Exchange Server 2007 Enterprise Edition

-



SYMPTOMS
You have a Microsoft Exchange Server 2007-based cluster environment. When the Microsoft Exchange System Attendant service comes online on a cluster node, the following events are logged in the Application log: Event Type: Error

Event Source: MSExchangeSA

Event Category: General

Event ID: 9317

Date:

Time:

User: N/A

Computer:

Description:

Failed to register Service Principal Name for exchangeRFR; error code was c0072098.

Event Type: Error

Event Source: MSExchangeSA

Event Category: General

Event ID: 9317

Date:

Time:

User: N/A

Computer:

Description:

Failed to register Service Principal Name for exchangeMDB; error code was c0072098.



WORKAROUND
To work around this problem, use the Add-ADPermission command to add permissions to an Active Directory object on a server on which the Exchange Management Shell is installed. To do this, follow these steps.

Note You must use an account that has permissions to modify computer account objects in Active Directory.  Run the following command in the Exchange Management Shell.

add-ADPermission -Identity -User   -AccessRights WriteProperty -Properties &quot;Validated-SPN&quot;

Note The -Identity parameter specifies the identity of the object to which the permissions are being granted. The -Identity parameter requires the full name of the user in quotation marks. The  placeholder is the clustered Exchange mailbox server distinguished name. The -User parameter specifies the object to which the permissions are being granted. The  placeholder is the name of the cluster node followed by the dollar sign to specify that it is a computer object. Replace the value of the -User parameter with the next cluster node, and then run the add-ADPermission command again.

Note You must run the add-ADPermission command one time for each node in the Exchange 2007 cluster.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
A service principal name (SPN) is a unique name that identifies an instance of a service. An SPN is associated with the logon account under which the service instance runs. Kerberos authentication will fail for Exchange Server services if the SPNs cannot be configured correctly.

Additional query words: Kerberos add-ADPermission

Keywords: kbprb kbexpertiseinter kbexchcluster kbtshoot KB935676

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.