Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9318 Source: MSExchangeMTA

Source
Level
Description
An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: <index>, NT/MTA error code: <error code>. Comms error <error code>, Bind error <error code>, Remote Server Name <server name> [MAIN BASE 1 500 %10] (14)
Comments
 
The reason behind this event id is better explained by the error code that is mentioned in the events.
- Error 5: "This issue can occur if there is a problem with the Exchange Server 5.5 service account or password that was specified when the Exchange 2000 server was installed in the Exchange Server 5.5 site." See ME257679, ME279030, ME274770.
- Error 14: "This issue can occur if your computer does not have enough available Random Access Memory (RAM)." See ME275468
- Error 1722: "Similar to Event ID 9318 Source MSExchangeMTA Type Warning. Occurs when Exchange server is unable to locate another Exchange server on the network. I have received both 9318 and 9322 when one of the servers is offline or when using dual-homed Exchange servers and NetBIOS over TCP/IP. Problem on dual-homed exchange servers resolved by adding specific interfaces to be used by each server to each Exchange server's HOST and LMHOST file." See ME266312, ME303156, ME191594, ME279537, ME228901.
- Error 9260: "This may be because the Exchange Server computer's connection to the network infrastructure has changed". See ME225206.

For generic explanation of these error codes see the links to each error code.
This event might as well be related to the Windows Server 2003 SP2 "Scalable Network Package" (SNP) and its changes to TCP/IP processing. In a large migration from Exchange 5.5 to Exchange 2003, we had numerous entries of this event on a number of servers. After we updated the network driver to the latest version (that supports SNP) the events disappeared.
As SNP is the cause of a very large number of issues you should always take it into consideration. See the link to “Windows 2003 Scalable Networking pack and its possible effects on Exchange” for more details.
- Error code: 1722 - See ME247782.
- Error code: 5 - See ME322051.
This was linked to the event root as others mentioned, but when I tried to view the public folders after the final removal of Exchange 5.5, we got an error message about exadmin, with error code c1030af6. If you get this message check ME555341 for information on how to resolve this issue.
Check whether your service account is not locked. We had the same problem until we restarted one of the MTAs and received a logon failure. Then we discovered that the service account was locked.


- Error code: 5 - See ME824054.
- Error code: 1753 - See ME841659 for information on this issue.

A system call from the message transfer agent to the operating system failed. See MSEX2K3DB for additional information on this problem.
I ran into this error at a client site. The LTAB index was 7. The problem was caused by Symantec Antivirus running on the Exchange server, specifically the POP3 e-mail scanning component. This component of Symantec AV Corporate Edition 9 and higher is only designed for workstations. If SAV 9 is installed on Exchange servers and the POP3 scanning component is not disabled you will experience general instability in your Exchange environment such as intermittent traffic between Exchange servers, messages stuck in the queues, etc. The resolution is to rerun SAV 9 setup and deselect the POP3 scanning component. See ME823166 for an overview of Exchange Server 2003 and antivirus software.
If you have just upgraded Exchange, then you should take a look at ME324318. As Per Microsoft: “If you view the Application event log on the Exchange 2000 computer, you may see event ID 9318 message from the message transfer agent (MTA) and event ID 1025 messages from the MSExchangeIS private information store after you apply these changes. These event ID messages are warnings that may occur if Name Resolution using cached DNS naming information in Active Directory fails. These event ID messages are typically removed in three to six days. To remove these warnings more quickly, restart the global catalog servers”. The article discuss about an upgrade from Exchange 5.5 to Exchange 2000. This should also apply to Exchange 2003 servers.
We had this problem after finalizing our migration from Exchange 5.5 to Exchange 2003. There still was an old Exchange 5.5 object under Events Root, so I deleted it and that took care of the errors.
I kept getting this message after we removed the Exchange 5.5 server following an upgrade to Exchange 2003. To fix this go to “Exchange System Manager”, right-click “Public Folders”, and then click “View System Folders”. Expand “Events Root”. Delete the decommissioned server’s event root folder that is being logged in event viewer.
- Error: 1331 - Turns out that I accidentally disabled the Exchange account.
I had this problem and all I had to do was to add the hostname and ip entries in the hosts files of both computers and mail started flowing right away.
I finally resolved this by doing the following: Start Exchange System Manager. Expand Folders. Right-click Public Folders, and then click View System Folders. Expand Events Root. Delete the decommissioned server’s event root folder that is being logged in event viewer.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...