Microsoft KB Archive/824054

= How to troubleshoot an event ID 9318 message in Exchange Server 2003, in Exchange 2000 Server, and in Exchange Server 5.5 =

Article ID: 824054

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
This article describes the following known issues that may cause an event ID 9318 message:
 * Exchange Server 5.5 servers in a site communicate through a firewall which uses NAT.
 * The source bridgehead Exchange 2000 Server server is not a target bridgehead server for the other end of the Routing Group Connector.
 * The total number of databases exceeds 50 for Exchange Server 5.5 servers in Exchange Server 2003 clustered environment.

''This article describes general troubleshooting methods to troubleshoot this event ID message. This article also describes the following troubleshooting methods:''
 * Verify the service account that is used by MTA.
 * Verify the service account permissions.
 * Verify that fully qualified domain name (FQDN) resolution is working.
 * Verify that there is enough RAM.



INTRODUCTION
This article describes how to troubleshoot an event ID 9318 message. This event may be logged when you experience mail flow issues.



MORE INFORMATION
You may experience mail flow issues in Microsoft Exchange Server 5.5, in Microsoft Exchange 2000 Server, and in Microsoft Exchange Server 2003. When you experience this issue, the following events may be logged in the Application log.

Note The error code in the description of the event may vary. Event Type: Warning

Event Source: MSExchangeMTA

Event Category: Interface

Event ID: 9318

Description:

An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 41, Windows 2000/MTA error code: %1. Comms error %2, Bind error %3, Remote Server Name SERVER [MAIN BASE 1 500 %10] (14)

Event Type: Warning

Event Source: MSExchangeMTA

Event Category: Security

Event ID: 9297

Description:

The user /o= /ou= /cn=Configuration/cn=Servers/cn= has caused a security violation. Locality table (LTAB) index: 40. Windows 2000 error code: 0X80070005. [BASE IL MAIN BASE 1 237] (14)

Type: Warning

Source: MSExchangeMTA

Category: Interface

Event ID: 9322

Description:

An interface error has occurred. An MtaBindBack over RPC has failed. Locality Table (LTAB) index: 102, NT/MTA error code: 1722. Comms error 1722, Bind error 0, Remote Server Name EMEA28, Protocol String ncacn_ip_tcp:10.44.150.216[2080] [BASE IL INCOMING RPC 36 507] (14)

Type: Warning

Source: MSExchangeMTA

Category: Operating System

Event ID: 9215

Description:

A sockets error 10061 on a connect call was detected. The MTA will attempt to recover the sockets connection. Control block index: 1. [BASE IL TCP/IP DRVR 8 274] (12)

Event Type: Warning

Event Source: MSExchangeTransport

Event Category: Connection Manager

Event ID: 4000

Description:

Message delivery to the remote domain ' ' failed for the following reason: The remote server did not respond to a connection attempt.

For more information about the Microsoft Windows NT, Microsoft Windows 2000 Server, or Microsoft Windows Server 2003 Message Transfer Agent (MTA) error code, type Net HelpMsg at a command prompt.

The servers in a site communicate through a firewall that uses NAT
Consider the following scenario:
 * Two servers that are running Exchange Server 5.5 Service Pack 4 (SP4) are located in the same site.
 * Server1 is in an internal network, 172. . Server2 is in external network, 10. . The external network is behind a firewall that uses Network Address Translation (NAT).
 * NAT is used to translate 10. into an internal IP address, 172..

In this scenario, mail may queue on the computer that is behind the firewall until the external server connects to deliver the messages. Additionally, an event ID 9318 message and an event ID 9322 message that includes error code 1722 are logged in the Application log.



The source bridgehead server is not a target bridgehead server for the other end of the Routing Group Connector in Exchange 2000 Server
In Exchange 2000 Server, if a source bridgehead server is not a target bridgehead server for the other end of the Routing Group Connector, MTA may log an event ID 9318 message that contains error code 0. You do not experience mail loss or mail delay. However, you receive confusing warning messages in the Application log.

To resolve this issue, obtain the latest service pack for Microsoft Exchange 2000 Server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 How to obtain the latest Exchange 2000 Server service pack

This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.



The total number of databases exceeds 50 for Exchange Server 5.5 servers in Exchange Server 2003 clustered environment
In an Exchange Server 2003 clustered environment that includes Exchange Server 5.5 servers, the MTA service supports a maximum of 50 databases. If the number of databases exceeds 50, an event ID 9318 message is logged in the Application log on Exchange Server 5.5 server.

To work around this issue, either reduce the number of databases or use the workaround that is provided in the following article in the Microsoft Knowledge Base:

899302 How to increase the number of databases that are supported by the MTA service when Exchange Server 5.5 coexists with a server cluster that is running Exchange Server 2003



Perform general troubleshooting steps
To troubleshoot this issue, first check network connectivity. To do this, follow these steps:
 * 1) Run a ping command together with the IP address and the server name to contact the server.
 * 2) Run a NET VIEW \\  command to verify NetBIOS name resolution.

If these commands fail, you are not connected to the network. To resolve this issue, check the IP address and the WINS, DNS, and Hosts files.

If you are connected to the network, try to verify the user rights and permissions. To do this, run the following command:

NET USE \\ \IPC$

If this command fails, verify the permissions for the Exchange service account that is being used.

Note If you are running DHCP on the server, you should run ipconfig /release and then run ipconfig /renew.

Verify the service account that is being used by the MTA
To send messages between Exchange Server 5.5 and Exchange 2000 Server or Exchange Server 2003, the Exchange Server 5.5 service account that the MTA uses should have Send As or Receive As permissions on the MTA object of the server that is running Exchange 2000 Server or the server that is running Exchange Server 2003. If the service account does not have these permissions, mail flow between these servers may stop. Additionally, event ID 9318 and 9297 messages are logged on the Exchange 2000 Server server or on Exchange Server 2003 server.

To verify the permissions, follow these steps:  On the Exchange 2000 Server server or on the Exchange Server 2003 server, start Registry Editor. Locate and then click the following key in the registry:  On the Edit menu, click Add Value, and then add the following registry entry:

Value Name: ShowSecurityPage

Type: REG_DWORD

Base: Hexadecimal

Value: 1

 Exit Registry Editor. On the Exchange 2000 Server server or on the Exchange Server 2003 server, start Exchange System Manager.</li> Click the administrative group that is indicated in the event ID 9297 message.</li> Click the server on which the event ID 9297 is logged in the Application log.</li> Click the Protocols container.</li> Click the X.400 object, and then click Properties.</li> Make sure that the Exchange Server 5.5 service account has Send As permissions and Receive As permissions.</li> Restart the Microsoft Exchange MTA service on the Exchange 2000 Server server or on the Exchange Server 2003 server.</li></ol>

Confirm the password that is sent by the MTA
If two Exchange Server 5.5 sites are located in untrusted Microsoft Windows NT domains and if a site connector is used to connect the two sites, make sure that the password that is being sent by the MTA does not expire. When the password that is used by the MTA expires, the MTA on each end of a site connector stops delivering messages. And, an event ID 9318 message that has error code 1330 is logged in the Application log.

To work around this issue, change the password for the user account in both domains. Then, type the new password on the Override tab in the properties of each site connector.

For example, this issue may occur in the following scenario. You create a user account in two domains. You give both accounts the same password. Then, you give the account Service Account Admin permissions for the Organization, Site, and Configuration objects in both sites. You add the account to the Override tab in the properties of each site connector. The Password Never Expires check box in the user account properties is not selected. In this scenario, the password eventually expires. Therefore, an event ID 9318 message that has error code 1330 is logged in the Application log.

<div class="moreinformation_section">

Verify that fully qualified domain name (FQDN) resolution is working
If Exchange Server 5.5 Service Pack 3 (SP3) build 2651.75 or later is installed on the server, the MTA requires fully qualified domain name (FQDN) resolution to operate. Exchange uses Domain Name System (DNS) or Hosts files to perform FQDN. However, in earlier builds of the MTA, the bindback endpoint is an IP address and a port number. The remote MTA ignores the bindback endpoint and uses the address from which the packet came.

For more information about the possible causes of FQDN failure and how to verify that FQDN resolution is working, click the following article number to view the article in the Microsoft Knowledge Base:

266312 How to troubleshoot an event ID 9322 message in Exchange Server 5.5, in Exchange 2000 Server, and in Exchange Server 2003

Make sure that the computer has sufficient RAM
If the computer has insufficient available RAM, the MTA does not deliver messages over a dynamic Remote Access Service (RAS) connector, over an X.400 connector, or over a site connector or during intrasite communication. To determine whether you are experiencing this issue, follow these steps: <ol> Set the MTA diagnostic logging level to Maximum for Field Engineering and for X.400 Service categories. Then, review the Application log to see whether an event ID 9322 message and an event ID 9318 message that has error code 14 are logged.</li> Run the RPC ping command, and then see whether the following message is logged:

-RpcServerUseProtSeqEp returned a status 0xE

</li></ol>

To resolve this issue, examine the computer's available RAM by using either Performance Monitor or Task Manager, and then close programs to make more RAM available. If the computer still has insufficient RAM after you restart the computer, you must add more RAM to your computer.

Keywords: kbprb KB824054

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.