Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9385 Source: MSExchangeSA

Source
Level
Description
Microsoft Exchange System Attendant failed to read the membership of the universal security group "<group name>"; the error code was "<error code>". The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group. If this computer is not a member of the group "<group name>" you should manually stop all Microsoft Exchange services run the task "<task name>" and then restart all Microsoft Exchange services.
Comments
 
If you move a exchange server computer object from one OU to another, the ExchangeSA stores the old Distinguished Name. This is the reason for this error. Just restart the Exchange Server or the System Attendant and the error will be resolved.
Primary group for the Exchange server should be set to "Domain Computers". If it is already, set Primary group to something else (for example "Exchange Servers"), apply, and then change it back to "Domain Computers". Restart Exchange System Attendant service and watch the event log. The error should be gone.
See the link to the "MSExchangeSA Error 9385" for a thread on Microsoft's Exchange forums about this problem.
In our case, we saw Event 9385 pop up on our Exchange 2007 SP2 CCR Node A. After some investigation, we simply restarted the System Attendant service and the error cleared up. See TB266958 for more information.
Restarting the Exchange System Attendant Service resolves this issue. Causes might be cluster failovers or credential cache's timeing out.


Re-enabling IPv6 solved my problem.
New Win 2003 SP2 64-bit Member Server with Exchange 2007 SP2 installed. Seeing a lot of 2114 & 2501 errors on the Win 2003 server which is the 1st Member Server in my Forest to run Exchange. Able to ping the domain and ping domain servers. Re-running DomainPrep and PolicyTest showed no errors.

Followed these steps from ME919089: Added the Win 2003 Member Server to the Exchange Domain Servers Group. Gave Manage auditing and security log permissions to the Exchange Enterprise Servers group in the Default Domain Policy. Rebooted server and all errors stopped.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...