Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. How to troubleshoot an event ID 9318 message and an event ID 9322 message that contains error code 5

How to troubleshoot an event ID 9318 message and an event ID 9322 message that contains error code 5

View products that this article applies to.

This article was previously published under Q257679
This article is a consolidation of the following previously available articles: 274770, 279030, 289609, 327004, 323733, 298604 and 217142

↑ Back to the top

Summary

This article describes how to troubleshoot scenarios in which an event ID 9318 message and an event ID 9322 message that contains error code 5 may be logged in the event log. This article describes the following scenarios in which these events may occur:
  • You upgrade Microsoft Exchange Server 5.5 to Microsoft Exchange 2000 Server or to Microsoft Exchange Server 2003.
  • You install the Microsoft Windows 2000 Security Rollup Package on a Windows 2000-based server.
  • You use the Dynamic RAS Connector to connect servers in two different untrusted domains.
Additionally, this article describes the following methods that you can use to troubleshoot these event ID messages:
  • Review the service account.
  • Troubleshoot the network connection.

↑ Back to the top

Introduction

This article describes how to troubleshoot the event ID 9318 message and the event ID 9322 message. These events are logged when mail flow stops between two servers that are running Microsoft Exchange Server 5.5 or between a server that is running Exchange Server 5.5 and a server that is running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server.

↑ Back to the top

More information

When you send messages between two servers that are running Microsoft Exchange Server 5.5 or between a server that is running Exchange Server 5.5 and a server that is running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server, mail flow may stop. Additionally, the following issues may occur:
  • On the Exchange 2000 server or on the Exchange Server 2003 server, you can see the messages in the X.400 message transfer agent (MTA) queue for the destination servers. On the Exchange Server 5.5 server, you can see the messages in the MTA queue.
  • The messages eventually returned together with a non-delivery report (NDR) because a time-out occurs.
  • The following RPC event ID messages may be logged in the Application log on both servers:

    Event Type: Warning
    Event Source: MSExchangeMTA
    Event Category: Interface
    Event ID: 9318
    Description:
    An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 4, NT/MTA error code: 5. Comms error 5, Bind error 0, Remote Server Name xxxx [MAIN BASE 1 500 %10] (14)

    Event Type: Warning
    Event Source: MSExchangeMTA
    Event Category: Interface
    Event ID: 9322
    Description:
    An interface error has occurred. An MtaBindBack over RPC has failed. Locality Table (LTAB) index: 13, NT/MTA error code: 5. Comms error 5, Bind error 0, Remote Server Namexxxx, Protocol String ncacn_ip_tcp:16.37.164.181[4749] [BASE IL INCOMING RPC 23 507] (14)

The significant section of the event ID 9318 and 9322 messages is Microsoft Windows and MTA error code 5. Windows error code 5 indicates that there is a security problem between the two servers.

Scenarios in which an event ID 9318 or 9322 may be logged

You upgrade Exchange Server 5.5 to Exchange 2000 or to Exchange Server 2003

Warning If you use the raw mode of the Exchange Server Administrator program (admin /r) incorrectly, serious problems may occur that may require you to reinstall Microsoft Windows NT Server, Microsoft Exchange Server, or both. Microsoft cannot guarantee that problems that result from using raw mode incorrectly can be solved. Use raw mode at your own risk.

If you upgrade an Exchange Server 5.5 server in an Exchange Server 5.5 site to Exchange 2000 Server or to Exchange Server 2003, mail flow stops between the remaining Exchange Server 5.5 servers and all Exchange 2000 and Exchange Server 2003 servers. However, mail flow does not stop between the Exchange 2000 server and the Exchange Server 2003 servers.

↑ Back to the top

References

To resolve this issue, follow these steps:
  1. On the Exchange Server 5.5 server, start the Exchange Administrator program in raw mode. To do this, click Start, click Run, type drive :\exchsrvr\bin\admin.exe /r, and then press ENTER. In this path, drive is the drive on which Exchange is installed.
  2. On the View menu, click Raw Directory.
  3. In the left pane, double-click Schema.
  4. In the right pane, double-click NT-Security-Descriptor.
  5. Click Yes to display the raw properties of the object.
  6. In the List attributes of type list, click All.
  7. In the Object attributes list, click NT-Security-Descriptor.
  8. Click Editor.
  9. Click NT security descriptor, and then click OK.
  10. Click Add.
  11. Click the account that is being used as the Exchange service account, and then click Add.
  12. Click OK.
  13. In the Role box, click Service Account Admin, and then click Apply.
  14. Click OK.
  15. Click Set.
  16. Click Apply, and then click OK.
  17. Click OK, and then click YES in the dialog boxes that appear.
  18. Quit the Administrator program.
  19. Restart all Exchange services.

You install the Microsoft Windows 2000 Security Rollup Package on a Windows 2000Server -based server

Consider the following scenario:
  • An Exchange Server 5.5 site contains a server that is running Microsoft Windows NT 4.0 Service Pack 6 and a server that is running Windows 2000.
  • You install the Microsoft Windows 2000 Security Rollup Package on the Windows 2000-based server.
In this scenario, mail flow stops between the Windows NT-based server and the Windows 2000-based server.

This issue may occur if the following dynamic-link libraries (DLLs) in Microsoft Windows NT Server 4.0 Service Pack 6 do not match the same DLLs in Windows 2000:
  • Schannel.dll
  • Ntlmssps.dll
If these DLLs do not match, the Windows NT 4.0-based server must negotiate a 128-bit connection. However, the 56-bit Windows NT security DLLs cannot decrypt the packets. The Windows 2000 Security Rollup Package forces NTLM version 2 connections to the Windows NT 4.0-based server. In this scenario, messages are queued to be sent to the other server, but the messages are not sent.

To resolve this issue, install the hotfix that is described in the following Microsoft Knowledge Base article:
322051� Programs may not connect to the server with mismatched security DLLs in Windows NT 4.0

You connect two Exchange Server 5.5 servers by using the Dynamic RAS Connector

Consider the following scenario:
  • You connect two Exchange Server 5.5 servers by using the Dynamic RAS Connector over TCP/IP.
  • The servers are in two different untrusted domains.
  • The servers are running Microsoft Windows NT 4.0.
In this scenario, the server that is contacting the other server may log an event ID 9318 message and an event ID 289 Message transfer agent (MTA) message in the Application log. The server that is being contacted will log an event ID 9322 message.

To work around this issue, follow these steps:
  1. Create a new Windows NT user account that is named "Rascon". Repeat this process on each untrusted domain.
  2. Give the new Rascon accounts the same password.
  3. Add the Rascon account to the Domain Admins group.
  4. Use Windows NT User Manager to verify that the Rascon account has the permissions to log on to the Exchange Server 5.5 server.
  5. In the Microsoft Exchange Administrator program, give the new Rascon account Service Account Admin permissions at the Organization, Site, and Configuration levels of the Exchange Server 5.5 server.
  6. Modify the RAS Override tab of the Dynamic RAS Connector to use these new accounts on both Exchange Server 5.5 servers. To do this, follow these steps:
    1. In the Administrator window, click Connections.
    2. In the right pane, double-click the Dynamic RAS Connector that you want to modify.
    3. Click the RAS Override tab.
    4. Type the new Windows NT account and the password for the service account in the remote site.
    5. Confirm your password, and then type the Windows NT domain name of the remote site.
  7. Retest mail flow over the Dynamic RAS Connector.

How to troubleshoot an event ID 9318 or 9322 message

Review the service account

An event ID 9318 or 9322 message may be logged if any one of the following conditions is true:
  • The service account on the Exchange Server 5.5 server does not match the service account on the Exchange 2000 or Exchange Server 2003 server.
  • The service account contains extended characters.
For information about how to resolve these issues, see the following sections.
The service account on the Exchange Server 5.5 server does not match the service account on the Exchange 2000 or Exchange Server 2003 server
An event ID 9318 or 9322 message may be logged if you are working in a mixed environment in which the service account and the password on the Exchange Server 5.5 server does not match the service account and the password on the Exchange 2000 or Exchange 2003 server. This condition may occur if there is a problem with the Exchange Server 5.5 service account or the password that was specified when the Exchange 2000 or Exchange Server 2003 server was installed in the Exchange Server 5.5 site.

To resolve this issue, follow these steps:
  1. Start Exchange System Manager. To do this, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. Locate the Administrative group in which the Exchange 2000 server was installed.
  3. Right-click the Administrative group, and then click Properties.
  4. On the General tab, click Modify.
  5. Type the password.
If the service account name that appears on the General tab is incorrect, manually change the MSExchLegacyAccount attribute value for the affected Exchange Administrative group. To do this, follow these steps:
  1. Start the ADSI Edit tool.
  2. Expand Configuration Container, expand CN=Configuration, expand CN=Services, expand CN=MicrosoftExchange, expand CN=Organization_Name, expand CN=AdministrativeGroups, and then expand CN=Your Admin Group Name.
  3. Open the CN=Your Admin Group Name properties.
  4. In Windows 2000, click BOTH under Select which Properties to View. In Windows Server 2003, click to select the following check boxes:
    • Show Mandatory Attribute
    • Show Optional Attribute
  5. In Windows 2000, double-click MSExchLegacyAccount under Select a property to view. In Windows Server 2003, double-click MSExchLegacyAccount.
  6. Click CLEAR
  7. Type the Exchange Server 5.5 service account name.
  8. Click Apply.
  9. Quit ADSIEdit.
  10. In Exchange System Manager, examine the Exchange Administrative group properties to make sure that the name of the new Exchange Server 5.5 service account is displayed.
  11. Re-enter the password for the Exchange Server 5.5 service account.

↑ Back to the top

Keywords: KB257679, kbprb

↑ Back to the top

Article Info
Article ID : 257679
Revision : 8
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 333