Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Microsoft Exchange System Attendant failed to read the membership of the universal security group "<group name>"; the error code was "<error code>". The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group. If this computer is not a member of the group "<group name>" you should manually stop all Microsoft Exchange services run the task "<task name>" and then restart all Microsoft Exchange services.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the Microsoft Exchange System Attendant (MSExchangeSA) service?
If you move a exchange server computer object from one OU to another, the ExchangeSA stores the old Distinguished Name. This is the reason for this error. Just restart the Exchange Server or the System Attendant and the error will be resolved.
Primary group for the Exchange server should be set to "Domain Computers". If it is already, set Primary group to something else (for example "Exchange Servers"), apply, and then change it back to "Domain Computers". Restart Exchange System Attendant service and watch the event log. The error should be gone.
See the link to the "MSExchangeSA Error 9385" for a thread on Microsoft's Exchange forums about this problem.
In our case, we saw Event 9385 pop up on our Exchange 2007 SP2 CCR Node A. After some investigation, we simply restarted the System Attendant service and the error cleared up. See TB266958 for more information.
Restarting the Exchange System Attendant Service resolves this issue. Causes might be cluster failovers or credential cache's timeing out.
Re-enabling IPv6 solved my problem.
New Win 2003 SP2 64-bit Member Server with Exchange 2007 SP2 installed. Seeing a lot of 2114 & 2501 errors on the Win 2003 server which is the 1st Member Server in my Forest to run Exchange. Able to ping the domain and ping domain servers. Re-running DomainPrep and PolicyTest showed no errors.
Followed these steps from ME919089: Added the Win 2003 Member Server to the Exchange Domain Servers Group. Gave Manage auditing and security log permissions to the Exchange Enterprise Servers group in the Default Domain Policy. Rebooted server and all errors stopped.
|Private comment: Subscribers only. See example of private comment|
|Links: MSExchangeSA Error 9385, TB266958|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated