Microsoft KB Archive/324354

= XADM: Troubleshooting Public Folder Expansion Problems =

PSS ID Number: 324354

Article Last Modified on 9/18/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server

-



This article was previously published under Q324354



SYMPTOMS
You may experience any or all of the following symptoms:
 * When you click a public folder in Microsoft Outlook, you experience poor response times.
 * Your e-mail program stops responding (hangs) when accessing the Exchange 2000 information store.
 * You cannot access public folders, although you have the correct permissions.
 * You cannot access delegated mailboxes, although you have the correct permissions.

Any of the following messages may be logged in the Exchange 2000 server Application event log:

9548 -

Event Type: Warning

Event Source: MSExchangeIS

Event Category: General

Event ID: 9548

Date: 11/3/2000

Time: 4:24:54 PM

User: N/A

Computer: ALIA

Description:

Disabled user /o=Microsoft/ou=AdminGroup/cn=Recipients/cn=Alias does not have

a master account SID. Please use Active Directory MMC to set an active

account as this user's master account.

9552 -

Event Type: Error

Event Source: MSExchangeIS Public Store

Event Category: General

Event ID: 9552

While processing public folder replication, moving user, or copying folders on database &quot;First Storage Group\Public Folder Store (ServerName), DL /O=Org/OU=Site/CN=Recipients/CN=GroupName could not be converted to a security group. Please grant or deny permissions to this DL on Folder (Public Folders)/TestFolders/TestFolder1 again. This most likely is because your system is in a Mixed mode domain.

9551 -

Event ID: 9551

Source:MSExchangeISPublic

Description: An error occurred while upgrading the ACL on folder [Public

Folders]/Folder located on database &quot;First Storage Group\Public Folder Store

()&quot;.

The Information Store was unable to convert the security for /O=Org/OU=Site/CN=RECIPIENTS/CN=USER1 into a Windows 2000 Security Identifier. It is possible that this is caused by latency in the Active Directory Service, if so, wait until the user record is replicated to the Active Directory and attempt to access the folder (it will be upgraded in place). If the specified object does NOT get replicated to the Active Directory, use the Microsoft Exchange System Manager or the Exchange Client to update the ACL on the folder manually. The access rights in the ACE for this DN were 0x41b.



CAUSE
This problem may occur if the access control list (ACL) for the public folder or mailbox contains old access control entries (ACEs) that are not valid.

The ACEs that are not valid may be entries that originated from Microsoft Windows NT security for Microsoft Exchange Server 5.5 disabled accounts if the Exchange Server 5.5 mailboxes (or public folders) were incorrectly migrated to Exchange 2000.

If a folder (such as a public folder) is shared among many users, and the ACL of the folder contains user accounts that cannot be resolved, the remote procedure call (RPC) thread pool may be used up. As each user tries to access the specific folder, the ACL on the folder must be upgraded.

While the ACL is upgraded, other users are blocked from accessing the folder until the upgrade completes. If many users simultaneously try to access the folder, the RPC thread pool may be used up. The RPC may not allow new connections to the information store until all of the attempts to convert the ACL are complete. Because the ACL contains a user account that cannot be resolved, the ACL cannot be upgraded. This problem occurs for each user account that tries to access the folder.

The issue may also occur if a disabled Active Directory user account associated with the mailbox does not have an msExchMasterAccountSID attribute. For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:

278966 XADM: Unable to Move or Log On to Exchange Resource Mailbox



WORKAROUND
To work around this issue, use either of the following methods.

NOTE: The following workarounds require that you install Exchange 2000 Server Service Pack 3. To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

 Configure the time-out mechanism.

With the latest Exchange 2000 Server Service Pack, you can configure the time-out mechanism. When an ACL cannot be upgraded, the information store does not try to upgrade the ACL again for a set period of time. By default, this period of time is 30 minutes. The result of the previous conversion is returned from cache.

For additional information about how to configure the time-out mechanism, click the article number below to view the article in the Microsoft Knowledge Base:

322258 XADM: The Information Store Intermittently Stops Responding Because of User Accounts That Cannot Be Resolved

 Add and set the Ignore zombie users value.

With the latest Exchange 2000 Server Service Pack, you can add and set the Ignore zombie users value. Use this registry value only when you are sure that the zombie users are not the result of replication issues, such as latency. After you set this registry value to ignore zombie users, every zombie user account that Exchange 2000 encounters is removed from the ACL. If the user is valid but is not in Active Directory at the time that the ACL was upgraded, the user is removed, and you have to manually add the user to each ACL.

For additional information about how add and set the Ignore zombie users values, click the article number below to view the article in the Microsoft Knowledge Base:

324323 XADM: Skipping User Accounts That Are Not Represented in Active Directory During Access Control List Conversion



Additional query words: slow slowness hang performance emstrace

Keywords: kbprb KB324354

Technology: kbExchange2000Search kbExchange2000Serv kbExchange2000ServSearch kbExchangeSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.