Microsoft KB Archive/281850

= The information store does not start, and event IDs 9530 and 5000 are logged in Exchange 2000 Server and in Exchange Server 2003 =

Article ID: 281850

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-



This article was previously published under Q281850



SYMPTOMS
The Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 information store does not start. Additionally, the following events may be logged in the Application log: Event Type: Error

Event Source: MSExchangeIS

Event Category: General

Event ID: 9530

Description:

Error 0x514 occurred while attempting to enable the &quot;Generate Security Audits&quot; privilege.

To grant the Generate Security Audits privilege to the Microsoft Exchange service account, open the Windows 2000 Group Policy editor. If the machine is not domain controller, select the Local Computer policy object.

If it is a domain controller,... ... ...

Event Type: Error

Event Source: MSExchangeIS

Event Category: General

Event ID: 5000

Description:

Unable to initialize the Microsoft Exchange Information Store service. Error 0x3f5.



CAUSE
This issue can occur if either of the following conditions is true:
 * The Exchange 2000 or Exchange 2003 Microsoft Exchange Information Store service (Store.exe) is using an account other than the system account.
 * The domain controller, the domain, or the Local Machine Security Policy does not include the Local Service account in the Generate security audits policy.



RESOLUTION
By default, the Exchange Information Store service uses the Local System account to start the Information Store service (MACHINENAME$). Use the Services.msc snap-in to check which account is being used to start the Information Store service. If the account is the Local System account, you must regrant the Local System account the Generate security audits right. To do this, use one of the following methods:
 * Rerun the Exchange Setup /domainprep command from this computer.
 * Manually grant the Local System account the Generate security audits right on one of the following policies:
 * The domain controller's policy
 * The domain policy
 * The Local Machine Security Policy

To regrant this right to the Local Machine Security Policy of a member server, follow these steps.

Note If this issue is only occurring on one server, this is the recommended solution.
 * 1) Click Start, click Administrative Tools, and then click Local Security Policy.
 * 2) Expand Security Settings, click Local Policies, and then click User Rights Assignment.
 * 3) In the right pane, double-click Generate security audits, click Add, enter the MACHINENAME$, and then click OK two times.
 * 4) Exit the Group Policy snap-in.

If you start the Information Store service by using an account that is not the Local System account, you should change it back to the Local System account (MACHINENAME$). Then, try to start the Information Store service. For more information about why Exchange 2000 Server and Exchange Server 2003 use the Local System account to start Exchange services, click the following article number to view the article in the Microsoft Knowledge Base:

239762 Exchange services run under LocalSystem



MORE INFORMATION
The error codes that are reported in the event IDs indicate the following symptoms:
 * 0x514 = Not all privileges referenced are assigned to the caller.
 * 0x3f5 = ecAuditNotAllowed

Additional query words: XADM

Keywords: kberrmsg kbprb KB281850

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.