Event ID 9297 Source MSExchangeMTA
| Event ID | 9297 |
| Source | MSExchangeMTA |
| Type | Warning |
| Description | The user /o=ORGanization /ou=SITE1 /cn=Configuration /cn=Servers /cn=SERVER1 /cn=Microsoft Private MDB has caused a security violation. Locality table (LTAB) index: 5. Windows NT error code: <error code>. [BASE IL MAIN BASE 1 237] (14) |
| English, please! | Request a translation of the event description in plain English. |
| Concepts to understand | What is the role of the Exchange MTA Service? |
| Comments |
Stephen Cramer
Setting up Routing Group Connectors to a Exchange 5.5 site requires the use of override credentials. If using other than the E5.5 site's exchange service account and password, this event will show up on the E2k3 server. To correct this, either use the remote site's exchange service account or grant "send as" and "receive as" permissions at the server level for the account used. Anonymous See the link to "www.larkware.com - TheDailyGrind125" for information on this event. Ionut Marin As per Microsoft: "The operating system indicates that the user caused a security violation. The user may not have the appropriate permissions to perform this operation". See MSEX2K3DB for more information. From a newsgroup post: "I had the same error Event ID 9297 after I did a rebuild on my E2K bridgehead server. I was able to fix the problem by following the instructions found in KB article M325674. Even though my issue was with MTA, the error code was "error code: 0X80070005". The permissions are granted through ADSI as per that article". See M824054 and M842097 for additional information on this event. Anonymous This event occurred, and incoming mail queued at the hub-site when a remote Exchange site was using a different Exchange service account than the hub-site Exchange servers. The hub-site server’s service account must have "Service Account Admin" permissions at the "Configuration" level of the remote site. Once permissions were set properly, mail flowed and the 9297 errors stopped. See M152624 for more details. Adrian Grigorof As per Microsoft: "To resolve this issue, make sure that the Permissions pages for the organization, site, and configuration objects list the service account with the Service Account Admin role.". See the links below for more details. Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here! Nils There seems to be a problem when a recipient policy contains the Fully Qualified Domain Name (FQDN) of an Exchange Server. M288175 suggests either to rename the reference to the FQDN inside the policy or to rename the server (which obviuosly is not too preferrable). We discovered that Exchange - at least sometimes - tries to deliver the concerned mail via X.400 instead of STMP, causing the mail to stay in the X.400 queue and producing this error every 10 minutes. Deleting the mail from the queue should stop the error messages. |
| Links | M152624, M154298, M247787, M288175, M325674, M824054, M842097, www.larkware.com - TheDailyGrind125, MSEX2K3DB |
| Search | Google Web - Microsoft Support - Bing - EventID.Net Queue - More links... |
| Feedback | Send comments - Notify me when updated |
| Print version |