Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9188 Source: MSExchangeSA

Source
Level
Description
Microsoft Exchange System Attendant failed to read the membership of group 'cn=Exchange Domain Servers,cn=Users,dc=your domain'. Error code '80072030'.

Please check whether the local computer is a member of the group. If it is not, stop all the Microsoft Exchange services, add the local computer into the group manually and restart all the services.
Comments
 
We had to take the domain controller at which the Recipient Update Services were pointing offline for maintenance. We configured Recipient Update Services to point to a second domain controller for the duration of our maintenance. When we brought the first domain controller online again, and reconfigured Recipient Update Services to point to the first one again, this error started to be logged on the Exchange 2003 server every 15 minutes. We had not made any changes to the Exchange Domain Servers or Exchange Enterprise Servers groups in Active Directory. We restarted the System Attendant service on the Exchange server, and that fixed the problem for us.
See ME910413 for information about this event.
This is a known issue if you move the following Exchange Groups from the default location which is CN=Users to other OUs:
Exchange Domain Servers (Security Group - Global)
Exchange Enterprise Servers (Security Group - Domain Local)
Exchange Services (Security Group - Global).

To resolve this, you have to move these 3 groups back to the default location which is Users OU, CN=Users.

See ME260914 and ME324949 for more information on this problem.
In my case, this event appeared after I moved the security group "Exchange Domain Servers" from the Users container in Active Directory. After I moved it back, and restarted the Exchange services, everything went back to normal.
As per Microsoft: "This error indicates that the Group polling thread of the System Attendant Process (Mad.exe) was unable to read the membership list of the Group (mentioned in the Description section of the event). There are at least four variations of this event. The Description section of the event will have an Error Code, which indicates the underlying cause. Also, depending on which variation of this event is logged in the application log, the user might see a different symptom". See MSEX2K3DB for more details on this event.

From a newsgroup post: "I had this same problem and resolved two different ways. The first way was when I made the E2K server a DC the error would go away. However, once I demoted it back to a member the error came back. Fortunately, I found help from someone in the newsgroups. They suggested I should go to AD Users and Comps and remove the server in question from the EDS group and restart the system. Once I removed it, the server added it back, by realizing it was an exchange server. This then solved my problem. I have not seen the error for nearly a month since doing this".

See ME842116 for additional information on this event.


As per Microsoft: "This problem can occur because Setup searches for these groups in only the default user container, and if they are not in the default user container Setup determines that the groups do not exist." See the link to ME260914 for more info.

Also, in another Q article: "This behavior occurs because the security group object that is specified in the error message is no longer in the Users container, which is where Exchange Server expects the object to be." See ME294176.

As per ME318552, "These errors can occur when there is a disjoint namespace, where one or more child domains are not under the root domain in the forest."

As per ME278441, "This problem can occur if the public folder has not been stamped with a proxy address (for example, pubfolder@domain.com)".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...