Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9143 Source: MSExchangeSA

Source
Level
Description
Description: Referral Interface cannot contact any Global Catalog that supports the NSPI Service. Clients making RFR requests will fail to connect until a Global Catalog becomes available again. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.
Comments
 
We had this event on Windows 2000/Exchange 2000 server where someone disabled the only network card on the server. So, in a way, it was false alarm for us.
This problem can occur on a multihomed SBS 2000 or 2003 machine, if the external network card is before the internal network card in the binding order.
As per Microsoft: "Make sure that at least one global catalog server is available for the Exchange server to communicate with. If a domain controller has recently been promoted to be a global catalog, you will need to reboot that machine in order for Exchange server to use it". See MSEX2K3DB for more details.

From a newsgroup post: "Turns out that my old trojan scanner (Moosoft's The Cleaner) on the server was useless, even though the database had been updated. I installed "Anti-Trojan" and it picked up 2 trojan files. On inspection of the server's registry, a batch file had been added to the "Run" folder in "HKLM\software\ms\win" that used the "net share" command to delete the IPC$ and admin$ shares, which, I understand, stops 9x logins. I presume this had been done to allow the hacker to take control and to block other users. I must admit, we were originally looking at the users to start with".
As per Microsoft, this problem is caused by the File and Printer Sharing services not being bound to all the network cards in a multihomed machine. See the link below for more details and resolution.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...