Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9153 Source: MSExchangeSA

Microsoft Exchange System Attendant reported an error "<error code>" when setting DS notification.
As per Microsoft: "This problem is commonly seen in mixed mode Exchange environments, where the old 5.5 servers may have been incorrectly removed". See MSEX2K3DB for additional information on this event.
This whole thing is to do with ADC (Active Directory Connector) and SRS (Site Replicator service). We were running Exchange 5.5 with Windows 2000 which requires ADC to sync up Exchange mailboxes and Windows 2000 Active Directory. I upgraded the site to Exchange 2000 about 2 months ago. (Running fine). For some reason after a restart last week we started getting the MSExchangeSA and FBPublish errors. The problem is that Exchange 2000 does not require ADC to talk to Windows 2000 Active Directory. ADC only needs to be there if there is an Exchange 5.5 server somewhere in you Exchange network. In Exchange 2000 Admin, Site Replication Service, we deleted the connection. I then removed ADC and restarted the server - worked fine - no errors at all. (ADC would not remove until deleting the SRS connection in Exchange 2000 Admin).

Also if there are no other Exchange 5.5 servers in your network you can switch Exchange 2000 from mixed mode to native mode (similar to Windows 2000 same).
This happened when a domain controller was demoted and it was the primary internal DNS for the Exchange server box. Changing the primary DNS address to another DC resolved the issue.
According to the only Q Article I can find (ME328931) this is to do with message tracking also.  You can get a build up in the SMTP Queue which leads to this event being reported. It also may have something to do with Exchnage running in Mixed Mode. On the above article there is a link to Mixed vs. Native which tells you which is the best mode to run in.
I am currently experiencing this error after restoring my public folders due to a faulty replication.  I am going to re-install service pack 3, and then move into Native Mode.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.