The user /o=ORGanization /ou=SITE1 /cn=Configuration /cn=Servers /cn=SERVER1 /cn=Microsoft Private MDB has caused a security violation. Locality table (LTAB) index: 5. Windows NT error code: <error code>. [BASE IL MAIN BASE 1 237] (14)
|Concepts to understand:|
What is the role of the Exchange MTA Service?
Setting up Routing Group Connectors to an Exchange 5.5 site requires the use of override credentials. If using other than the E5.5 site's Exchange service account and password, this event will show up on the E2k3 server. To correct this, either use the remote site's Exchange service account or grant "send as" and "receive as" permissions at the server level for the account used.
See the link to "www.larkware.com - TheDailyGrind125" for information on this event.
As per Microsoft: "The operating system indicates that the user caused a security violation. The user may not have the appropriate permissions to perform this operation". See MSEX2K3DB for more information.
From a newsgroup post: "I had the same error Event ID 9297 after I did a rebuild on my E2K bridgehead server. I was able to fix the problem by following the instructions found in KB article ME325674. Even though my issue was with MTA, the error code was "error code: 0X80070005". The permissions are granted through ADSI as per that article".
See ME824054 and ME842097 for additional information on this event.
This event occurred, and incoming mail queued at the hub-site when a remote Exchange site was using a different Exchange service account than the hub-site Exchange servers. The hub-site server's service account must have "Service Account Admin" permissions at the "Configuration" level of the remote site. Once permissions were set properly, mail flowed and the 9297 errors stopped. See ME152624 for more details.
As per Microsoft: "To resolve this issue, make sure that the Permissions pages for the organization, site, and configuration objects list the service account with the Service Account Admin role." See the links below for more details.
There seems to be a problem when a recipient policy contains the Fully Qualified Domain Name (FQDN) of an Exchange Server. ME288175 suggests either to rename the reference to the FQDN inside the policy or to rename the server (which obviously is not too preferable).
We discovered that Exchange - at least sometimes - tries to deliver the concerned mail via X.400 instead of SMTP, causing the mail to stay in the X.400 queue and producing this error every 10 minutes. Deleting the mail from the queue should stop the error messages.
|Links: ME152624, ME154298, ME247787, ME288175, ME325674, ME824054, ME842097, www.larkware.com - TheDailyGrind125, MSEX2K3DB|