Event ID: 4116 Source: MSExchangeIMC

An error was returned from the messaging software the Internet Mail Service uses to process messages on the Microsoft Exchange Server. It is possible that the piece of mail being processed at the time will be returned to the sender as a failed delivery instead of being delivered. The message will be moved to the BAD folder, if possible, and the error is not a temporary error. Otherwise it will be retried when the service is restarted. Use the appropriate utilities found in the SUPPORT directory of your Exchange CD to view and manipulate messages that have been moved to the "BAD" folder.
As per Microsoft: "A possible cause of these errors is that the Exchange service account lacks the proper access rights to the Winnt\System32 (%System Root%\System32) directory. The service account must have change rights to this directory to be able to modify the Mapisvc.inf file located in the %SystemRoot%\System32 directory. To work around this problem, give the service account at least change rights to the %SystemRoot%\System32 directory". There are several Microsoft articles with information about this event: ME186739, ME163243, ME169223, ME169686, ME174036, ME192186, ME193639, ME197792, ME278320, ME293288, ME316616.
See ME812071 for a hotfix applicable to Microsoft Exchange Server 5.5.

As per Microsoft: "This behavior may occur if an incorrect version of Mapi32.dll is in the Exchsrvr\connect\msexcimc\bin folder". See ME325046 and ME192540 to fix this problem.

As per Microsoft: "This behavior occurs because the Exchange Server Service Account does not have permission to log on to the information store". See ME306308 to fix the problem.

This can also occur because of a corrupted message, or because the Internet Mail Service is damaged. See ME322829 and ME317653 for more details.

From a newsgroup post: "Take the top five oldest messages out of the queue, and then try to restart the IMS. If it still will not start take all of the messages out of the queue and then restart the IMS. You will have to gradually add the messages back in (one or more of the messages is bad). Keep in mind that the messages will not be recognized until you stop and restart the IMS".

From a newsgroup post: "It turns out the “priv.edb” was corrupt, and needed to be rebuilt. I finally got through to PSS last night, and we rebuilt “priv.edb” from an exmerge that I had done earlier in the day".
