Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2115 Source: MSExchangeDSAccess

Process <process> (PID=<PID>). DSAccess needs to close a connection to the Domain Controller [<DC>] due to error <error code>.
As per MSEX2K3DB, DSAccess terminated the existing Lightweight Directory Access Protocol (LDAP) connection because of the specified error. The user operation will be retried, and the domain controller will still be used by DSAccess. Lookup the LDAP error code for the actual description of the problem.

From a newsgroup post: "First, please verify if there are other DSAccess related events logged and if the event only appears when you turn on the Diagnostic Logging on the MSExchangeDSAccess. If so, we can safely ignore it as the Exchange server is properly working.
Otherwise, if there are other MSExchangeDSAccess events logged without diagnostic logging, there are problems on MSExchangeDSAccess. We can try the following steps to troubleshoot it:

Step 1: Checking Service Principal Names (SPN) for LDAP.
1. Download the Setspn utility from the Microsoft web site.
Note: The Setspn Utility is for both Windows 2000 and Windows 2003.
2. Run the setspn utility to list the registered Services Principal Names on the Exchange Virtual Server:
setspn -l <Exchange Virtual Server name>
3. Verity if you can see entries about Service Principal Names (SPN) for LDAP. If no, please continue with the following steps to register them manually:
setspn -a ldap/<Exchange Virtual Server name> <Exchange Virtual Server name>
setspn -a ldap/<Exchange Virtual Server name>.xxxxxx.local <Exchange Virtual Server name>
The format is much similar to the entries below which you can see by the "setspn -l <Exchange Virtual Server name>" command.
exchangeMDB/<Exchange Virtual Server name>
exchangeMDB/<Exchange Virtual Server name>.xxxxxx.local.

Step 2: Verifying DSAccess detection setting.
1. Start ESM.
2. Navigate to the Exchange 2003 server object, and open its Properties.
3. On the Directory Access tab, check if all the DCs/GCs are listed properly. Make sure the option "Automatically discover servers" is checked.

Step 3: Checking if there are static configurations.
Starting the Microsoft System Attendant will initialize DSAccess and start the topology detection. DSAccess checks registry keys for any static configuration, it checks the profiles\default key and its subkeys for the operational paramateres and list of DCs and GCs and then the MSExchangeDSAccess\Instance0 key for the configDC. More information is available in ME246228".
Error: 0x80040920 = LDAP_NO_SUCH_OBJECT (Object does not exist).
Error: 0x80040951 = LDAP_SERVER_DOWN (Cannot contact the LDAP server) - May indicate a problem with the connectivity to a domain controller.
Error: 0x80040952 = LDAP_LOCAL_ERROR (Local error occurred)

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.