Event ID: 9518 Source: MSExchangeIS

Error <error code or description> starting Storage Group <storage group path> on the Microsoft Exchange Information Store.
<error description>
This event may sometimes be incorrectly reported. See ME241629.

Error 0xfffff764 - as per ME307790, this error may occur if the streaming file (.stm) that is associated with the store database is missing. To resolve this issue, restore the missing streaming file from a good backup to the Exchsrvr\Mdbdata folder.
As per ME327065, this issue can also occur because the streaming file that is associated with the database has been deleted or moved to another location, possibly by your antivirus program.

Error 0xfffffea8 corresponds to JET_errDbTimeCorrupted. This issue occurs if the dbtime on the current page is greater than the global database dbtime. To work around this issue, run the eseutil /d command to defragment the database that is experiencing this issue, and then mount the database. See ME312873.

Error 0xfffffde0 - This issue can occur because in Exchange 2000 SP2, the databases are upgraded to a newer version. Because of this database upgrade in Exchange 2000 SP2, earlier backups that were created before you applied Exchange 2000 SP2 cannot be restored to an Exchange 2000 SP2 system. See ME316794.

Error 0x451 - This may occur due to a conflict of service packs on an Exchange cluster. See ME326017 for resolution. Also, as per ME328968, this issue occurs if one or both of the following conditions are true: after a system "crash," you rebuild your system and restore the Exchange database without applying the correct service pack (Store.exe version), and you restore the Exchange database on the recovery server without applying the correct service pack (Store.exe version).

Error 0xfffff745 - As per ME307242, this issue can occur if Exchange 2000 cannot create and access files in the folder that the TMP system environment variable specifies. This issue can also occur if Exchange 2000 does not have full control from the root of the drive down to the transaction logs and databases.

Error Disk IO error - This behavior can occur when Exchange 2000 cannot write to the hard disk, and generates an error message: Either software that has been installed has prevented the write operation or the hard disk itself is corrupted. The event message, which accompanies the error message, refers to an error 1022. This type of error occurs when there is a disk input/output (I/O) error: It may mean that the hard disk has been corrupted. See ME300608.

Error 0xfffffb40 - This behavior occurs because the Extensible Storage Engine (ESE) attempts to bring all databases in a storage group to a consistent state during recovery. To accomplish this, ESE keeps track of all databases in the log files for the storage group. If a database is missing, ESE returns the error -1216, and does not start the storage group. See ME264228.

Error Current log file missing - Error -1811 corresponds to JET_errFileNotFound, and can be caused by an E00.log file with mismatching signature and LGeneration. If the E00.log file has a mismatching signature, the information store might not mount even if the database is consistent. See ME294367. As per ME314916, this issue may also occur if you place the Exchange data files on network shares.
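The hexadecimal codes in this event are 32-bit two's-complement renderings of the negative ESE error numbers quoted above (0xfffffb40 is -1216, and -1811 appears as 0xfffff8ed). The following is an added example, not code from Microsoft or from the original page: it parses a 9518 description and decodes the error field; the sample descriptions, the storage group path and the rule for recognizing ESE-style codes are assumptions.

```python
import re

# Matches the description template quoted at the top of this page.
EVENT_RE = re.compile(
    r"Error\s+(?P<code>.+?)\s+starting Storage Group\s+(?P<group>.+?)"
    r"\s+on the Microsoft Exchange Information Store", re.IGNORECASE)

# Only the decimal/name pairs this page states; extend from your own references.
PAGE_NOTES = {
    -344: "JET_errDbTimeCorrupted (ME312873)",
    -1216: "database missing from storage group (ME264228)",
    -1811: "JET_errFileNotFound (ME294367)",
}

def to_signed32(value):
    """Interpret a 32-bit value as a two's-complement signed integer."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value

def to_hex32(number):
    """Render a signed error number the way the event text shows it."""
    return f"0x{number & 0xFFFFFFFF:08x}"

def triage(description):
    """Extract the error field from a 9518 description and decode it."""
    match = EVENT_RE.search(description)
    if match is None:
        return None
    code = match.group("code").strip()
    result = {"code": code, "group": match.group("group"),
              "decimal": None, "ese_style": False, "note": None}
    if re.fullmatch(r"0x[0-9a-fA-F]{1,8}", code):
        raw = int(code, 16)
        # Assumption: ESE codes are small negatives, so the top 16 bits are set.
        # HRESULT-style values such as 0x80004005 are left unsigned.
        result["ese_style"] = raw >= 0xFFFF0000
        result["decimal"] = to_signed32(raw) if result["ese_style"] else raw
        result["note"] = PAGE_NOTES.get(result["decimal"])
    return result

# Constructed sample descriptions (storage group path is a placeholder).
SAMPLES = [
    "Error 0xfffffb40 starting Storage Group /CN=First Storage Group on the Microsoft Exchange Information Store.",
    "Error Current log file missing starting Storage Group /CN=First Storage Group on the Microsoft Exchange Information Store.",
    "Error 0x451 starting Storage Group /CN=First Storage Group on the Microsoft Exchange Information Store.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```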

Error 0xfffffbf8 - This issue can occur if you do not have the appropriate permissions on the Mdbdata folder to mount the mailbox or public store. See ME290215 and ME282964.

Error Log disk full - As per ME321825, this issue may occur if hackers use your Exchange Server to relay unsolicited e-mail messages (spam). As a result, the Badmail folder fills up with messages that your server cannot handle. The messages cannot be sent back, because the return addresses are not valid (spoofed).
In our case, the iSCSI storage was not being seen by the application upon startup. Re-ordering the NIC bindings cured this issue.
If you get 0xfffffb40 mounting IS after eseutil /p, remove the log files from the database directory.
From a support forum: "In my case, this was caused by the antivirus installed on that system as it was causing the store to lock. I added the store in the A/V exclusion list and the problem is gone."
- Error: Current log file missing - See ME896143.
- Error: 0xfffffbf8 - See the link to "Working with Store Permissions".
- Error: 0xfffff764 - See ME822934.
- Error: 0xfffffde0 - See ME329021.
- Error: 0xfffffc01 - See ME816421 and ME924172.
- Error: 0x89a - See ME930241 and ME932599.
- Error: 0x80004005 - See ME925825.

- Error: 0xfffff764 - See ME823169.
- Error: 0xfffffbf8 - See ME823022.
- Error: 0x80040102 - See ME827283.
- Error: 0xfffffd9a - See ME834154 and ME836611.
- Error: 0xfffffddc - See ME830408 for a hotfix.
- Error: "Current log file missing" - See ME819553.
- Error: 0xfffff743 - See ME294462.
- Error: "Current log file missing" - See ME895856.
- Error: 0xfffffdfe - See ME899386.

See the link to "Veritas Support Document ID: 248098" and MSEX2K3DB for more details on this event.
I received this error in conjunction with EventID 9175 from source MSExchangeSA. Attempts to mount stores terminated with report of corruption. Checking security on the storage group and assigning standard user permissions to Everyone account, then applying, resulted in successful mount of stores thereafter. See comments related to EventID 9175 from source MSExchange also.
This happened after I restored Exchange Server 2000 back a few days ago. What happened was that someone shut down the server while it was replicating over the weekend. From then on, the Exchange 2000 server did not work right. Therefore, I restored the data from a previous backup.
- Error: 0xfffffc01 - The drive that contained my log files was corrupt and did not even appear in Disk Management. Changing the location of the log files in Exchange System Manager fixed the error.
Basically, these errors are a symptom of event id 1087. After fixing the 1087 error, I was able to start the information stores and these errors cleared up.
