Microsoft KB Archive/932599

From BetaArchive Wiki

Article ID: 932599

Article Last Modified on 10/25/2007


APPLIES TO

  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition


SYMPTOMS

After you apply a version of Store.exe that is later than 06.05.7651.26 on a computer that is running Microsoft Exchange Server 2003, you experience the following symptoms:

  • You can no longer mount any of the Exchange databases.

  • The following events are logged in the Application log:

    Event ID 9519

    Event Type: Error
    Event Source: MSExchangeIS
    Event Category: General
    Event ID: 9519
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: Error 0x89a starting database "First Storage Group\Mailbox Store" on the Microsoft Exchange Information Store.
    For more information, click http://www.microsoft.com/contentredirect.asp.
    Data: 0000: 46 61 69 6c 65 64 20 74 Failed t
    0008: 6f 20 63 6f 6e 66 69 67 o config
    0010: 75 72 65 20 4d 44 42 00 ure MDB.

    Event ID 9518

    Event Type: Error
    Event Source: MSExchangeIS
    Event Category: General
    Event ID: 9518
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: Error 0x89a starting Storage Group /DC=com/DC=domain/CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=Org Name/CN=Administrative Groups/CN=AdminGroupName/CN=Servers/CN=ServerName/CN=InformationStore/CN=First Storage Group on the Microsoft Exchange Information Store. MDB failed to start.

For more information about hotfix 926666, click the following article number to view the article in the Microsoft Knowledge Base:

926666 Update for daylight saving time changes in 2007 for Exchange 2003


Note The hotfix that is contained in 926666 is a version of Store.exe that is higher than 06.05.7651.26. Therefore, you may experience this issue after you apply that fix.

CAUSE

This problem may occur if the Microsoft Exchange Information Store service experiences an ecAmbiguousAlias error when enumerating the groups and users that are assigned permissions to the store databases objects in Active Directory. The error occurs when a security identifier (SID) cannot be resolved to a single user. In this scenario, the SID is present in the security descriptor of the database object that will not mount. The SID cannot be resolved to a single user if one of the following conditions is true:

  • The SID is for a well-known user or group, and more than one domain exists in the forest. Therefore, duplicate objectSID objects are created.
  • Two or more of the following objects have matching or conflicting values:
    • objectSID
    • msExchMasterAccountSid
    • sIDHistory
    These three attributes must be unique within the forest.


WORKAROUND

To work around this problem, first check the permissions in the Exchange environment to make sure that no well-known accounts or groups have been defined to the permissions of the Exchange stores. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

243330 Well-known security identifiers in Windows operating systems


Look for well-known objects

Search through the Exchange permissions for well-known objects that are defined on the permissions of the Exchange objects. To do this, follow these steps: Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

  1. Start Exchange System Manager.
  2. Right-click the organization name, and then click Delegate control.
  3. Follow the steps in the Exchange Administration Delegation Wizard to remove all the well-known objects from the Users and groups list. For example, remove the Builtin\Administrators group and so on.
  4. In Exchange System Manager, expand Administrative Groups, right-click the administrative group, and then click Delegate control.
  5. Follow the steps in the Exchange Administration Delegation Wizard to remove all the well-known objects from the Users and groups list.
  6. Start the ADSI Edit tool, and then verify that each store on the server has the Allow inheritable permissions from the parent to propagate to this object and all child objects check box selected. To do this, follow these steps.

    Note The ADSI Edit tool is included with the Windows Support Tools. To install the Windows Support Tools, double-click SUPTOOLS.MSI in the Support\Tools folder on the Microsoft Windows Server 2003 CD.
    1. Click Start, click Run, type adsiedit.msc, and then click OK.
    2. Expand Configuration [domainControllerName.domain.com].
    3. Expand CN=Configuration, DC=domain,DC=com.
    4. Expand CN=Services.
    5. Expand CN=Microsoft Exchange.
    6. Expand CN=OrganizationName.
    7. Expand CN=Administrative Groups.
    8. Expand CN=AdministrativeGroupName.
    9. Expand CN=Servers.
    10. Expand CN=ServerName
    11. Expand CN=InformationStore, and then click CN=StorageGroupName.
    12. In the results pane, right-click CN=Mailbox Store (ServerName), and then click Properties.
    13. Click the Security tab, and then click Advanced.
    14. Verify that the Allow inheritable permissions from the parent to propagate to this object and all child objects check box is selected, and then click OK two times.
    15. In the results pane, right-click CN=Public Folder Store (ServerName), and then click Properties.
    16. Click the Security tab, and then click Advanced.
    17. Verify that the Allow inheritable permissions from the parent to propagate to this object and all child objects check box is selected, and then click OK two times.
  7. Exit the ADSI Edit tool, and then stop and restart the Microsoft Exchange Information Store service.

    Note Sometimes, you may have to restart the server for these settings to take effect.

Conflicting SIDs in other attributes

If you have removed all well-known users from the permissions and restarted the server, and the issue continues, the problem is probably caused by a conflicting value in two of the following objects:

  • objectSID
  • msExchMasterAccountSid
  • sIDHistory

Currently there is no easy method to determine which two objects have these conflicting values. We recommend that you use one of the following methods:

  • Remove all non-default groups and users from the permissions for the Organization and Administrators group levels.
  • Contact Microsoft to help you determine which two objects are conflicting and to help you resolve the issue. To contact Microsoft, visit the following Microsoft Web site:

    http://support.microsoft.com/contactus/?ws=support


RESOLUTION

A hotfix has been released to resolve this problem. Knowledge Base article 930241 describes this hotfix. This hotfix provides the following changes:

  • Well-known group objects will be ignored.
  • When two objects are returned by the SID search, you will only receive an error message.

For more information about this hotfix, click the following article number to view the article in the Microsoft Knowledge Base:

930241 The Exchange 2003 database does not mount, and event IDs 9518 and 9519 are logged in the Application log


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. We are working on a hotfix to resolve this issue.


Additional query words: XADM Exchange2003 Daylight Saving Time Daylight Savings Time DST c1041724 hotfix

Keywords: kbpending kbbug kbeventlog kbenv kbtshoot kbprb KB932599



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/932599&oldid=227901
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki