Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
An error was returned from the messaging software the Internet Mail Service uses to process massages on the Microsoft Exchange Server. It is possible that the piece of mail being processed at the time will be returned to the sender as a failed delivery instead of being delivered. The message will be moved to the BAD folder, if possible, and the error is not a temporary error. Otherwise it will be retried when the service is restarted. Use the appropriate utilities found in the SUPPORT directory of your Exchange CD to view and manipulate messages that have been moved to the "BAD" folder.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the Microsoft Exchange Internet Mail Connector service?
As per Microsoft: "A possible cause of these errors is that the Exchange service account lacks the proper access rights to the Winnt\System32 (%System Root%\System32) directory. The service account must have change rights to this directory to be able to modify the Mapisvc.inf file located in the %SystemRoot%\System32 directory. To work around this problem, give the service account at least change rights to the %SystemRoot%\System32 directory". There are several Microsoft articles with information about this event: ME186739, ME163243, ME169223, ME169686, ME174036, ME192186, ME193639, ME197792, ME278320, ME293288, ME316616.
See ME812071 for a hotfix applicable to Microsoft Exchange Server 5.5.
As per Microsoft: "This behavior may occur if an incorrect version of Mapi32.dll is in the Exchsrvr\connect\msexcimc\bin folder". See ME325046 and ME192540 to fix this problem.
As per Microsoft: "This behavior occurs because the Exchange Server Service Account does not have permission to log on to the information store". See ME306308 to fix the problem.
This can also occur because of a corrupted message, or because the Internet Mail Service is damaged. See ME322829 and ME317653 for more details.
From a newsgroup post: "Take the top five oldest messages out of the queue, and then try to restart the IMS. If it still will not start take all of the messages out of the queue and then restart the IMS. You will have to gradually add the messages back in (one or more of the messages is bad). Keep in mind that the messages will not be recognized until you stop and restart the IMS".
From a newsgroup post: "It turns out the “priv.edb” was corrupt, and needed to be rebuilt. I finally got through to PSS last night, and we rebuilt “priv.edb” from an exmerge that I had done earlier in the day".
|Private comment: Subscribers only. See example of private comment|
|Links: ME163243, ME169223, ME169686, ME174036, ME186739, ME192186, ME192540, ME193639, ME197792, ME278320, ME293288, ME306308, ME316616, ME317653, ME322829, ME325046, ME812071|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated