Microsoft KB Archive/324114

= XADM: Event ID 9551 Warning Messages Are Not Logged If You Run Exmerge =

Article ID: 324114

Article Last Modified on 2/20/2007


APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition




This article was previously published under Q324114





SYMPTOMS
If you use an administrator account to run Exmerge.exe to identify user accounts that are not represented in Active Directory, the event ID 9551 warning messages that identify those objects and users may not be logged.



RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

Component: Information store

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

  Date          Time    Version       Size        File name
  ---------------------------------------------------------
  12-JUL-2002   17:08   6.0.5771.28   4,547,136   Store.exe

NOTE: Because of file dependencies, this update requires Microsoft Exchange 2000 Server Service Pack 2.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 3.



MORE INFORMATION
In an environment that is mixed (contains Microsoft Exchange Server 5.5 and Exchange 2000) or an environment that was previously mixed, the access control list (ACL) of mailboxes and public folders may contain user accounts that are not represented in Active Directory. Such users are "zombie" users.

Zombie users may cause a problem if the ACL from Exchange Server 5.5 is upgraded to match the NTDS format that is used in Exchange 2000. Exchange 2000 tries to upgrade the ACL each time that the ACL has to be evaluated. If Exchange 2000 encounters a zombie user during the upgrade, the upgrade does not work. Exchange 2000 tries to upgrade the ACL again the next time that Exchange 2000 accesses the ACL. Zombie users can lead to a range of issues, depending upon how prevalent they are in the environment.

If Exchange 2000 encounters a zombie user during the ACL upgrade, the following warning message is logged. Administrators can use this warning message to identify the object and user account that are in a zombie state:

Event Type: Warning

Event Source: MSExchangeIS Mailbox Store

Event ID: 9551

Description:

An error occurred while upgrading the ACL on folder [MBX:User1]/Calendar located on database "Server1\Mailbox Store 1 (server)". The Information Store was unable to convert the security for /O=ORGANIZATION/OU=SITE/CN=RECIPIENTS/CN=123456 into an NT Security Identifier. It is possible that this is caused by latency in the Active Directory Service, if so, wait until the user record is replicated to the Active Directory and attempt to access the folder (it will be upgraded in place). If the specified object does NOT get replicated to the Active Directory, use the Microsoft Exchange System Manager or the Exchange Client to update the ACL on the folder manually. The access rights in the ACE for this DN were 0x401.

This warning message is logged only if Exchange 2000 accesses the object and cannot upgrade the ACL. If you are an Exchange administrator, you may want to be proactive and use a utility such as Exmerge.exe to identify all of the zombie users in your environment. Exmerge.exe accesses each folder, which forces an upgrade of ACLs. You typically use an Exchange administrator account to run Exmerge.exe, but if you do so, the event ID 9551 warning message is not logged. The fix that this article describes permits administrators to run a utility such as Exmerge.exe to access each folder and identify zombie users with the event ID 9551 error messages. For additional information about how to use the information store to automatically remove identified zombie users, click the article number below to view the article in the Microsoft Knowledge Base:

318549 XADM: Migrated Exchange Server 5.5 Mailboxes Generate Event ID 9551 Warning Messages for the ACL
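The event ID 9551 description quoted above names the folder, the database, the unresolved distinguished name and the access rights, so exported descriptions can be grouped into a per-DN list of ACL entries to review. The following Python sketch is an added example, not part of the original article or of any Microsoft tool; the function names, the abbreviated template and the sample events (including the User2 folder) are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern derived from the Event ID 9551 description text quoted in the article.
EVENT_9551 = re.compile(
    r'upgrading the ACL on folder (?P<folder>.+?) located on database '
    r'"(?P<database>[^"]+)"\.\s+The Information Store was unable to convert '
    r'the security for (?P<dn>/O=.+?) into an NT Security Identifier\.'
    r'.*?access rights in the ACE for this DN were (?P<rights>0x[0-9A-Fa-f]+)',
    re.DOTALL,
)

def parse_9551(description):
    """Return folder, database, DN and rights from one description, or None."""
    m = EVENT_9551.search(description)
    if m is None:
        return None
    rec = m.groupdict()
    rec["rights"] = int(rec["rights"], 16)  # e.g. "0x401" -> 1025
    return rec

def zombies_by_dn(descriptions):
    """Group (database, folder, rights) under each DN that could not be resolved."""
    report, skipped = defaultdict(list), 0
    for text in descriptions:
        rec = parse_9551(text)
        if rec is None:
            skipped += 1          # not a 9551 description; count it, do not guess
            continue
        entry = (rec["database"], rec["folder"], rec["rights"])
        # The store retries the upgrade on every access, so repeats are expected.
        if entry not in report[rec["dn"]]:
            report[rec["dn"]].append(entry)
    return dict(report), skipped

# Constructed sample input: the article's event text with the middle abbreviated.
TEMPLATE = (
    'An error occurred while upgrading the ACL on folder {folder} located on '
    'database "{db}". The Information Store was unable to convert the security '
    'for {dn} into an NT Security Identifier. [...] The access rights in the '
    'ACE for this DN were {rights}.'
)
DB = "Server1\\Mailbox Store 1 (server)"
DN = "/O=ORGANIZATION/OU=SITE/CN=RECIPIENTS/CN=123456"
SAMPLE = [
    TEMPLATE.format(folder="[MBX:User1]/Calendar", db=DB, dn=DN, rights="0x401"),
    TEMPLATE.format(folder="[MBX:User1]/Calendar", db=DB, dn=DN, rights="0x401"),
    TEMPLATE.format(folder="[MBX:User2]/Inbox", db=DB, dn=DN, rights="0x401"),
    "Unrelated event text that is not an ACL upgrade warning.",
]

if __name__ == "__main__":
    report, skipped = zombies_by_dn(SAMPLE)
    for dn, entries in report.items():
        print(dn, entries, "skipped:", skipped)
```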

Keywords: kbhotfixserver kbqfe kbbug kbexchange2000presp3fix kbexchange2000sp3fix kbfix KB324114


© Microsoft Corporation. All rights reserved.