Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. XADM: Event ID 9551 Warning Messages Are Not Logged If You Run Exmerge

XADM: Event ID 9551 Warning Messages Are Not Logged If You Run Exmerge

View products that this article applies to.

This article was previously published under Q324114

↑ Back to the top

Symptoms

If you use an administrator account to run Exmerge.exe to identify user accounts that are not represented in Active Directory, the event ID 9551 warning messages that identify those objects and users may not be logged.

↑ Back to the top

Resolution

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301378� XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack
Component: Information store

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date           Time    Version       Size        File name
   ----------------------------------------------------------
    12-JUL-2002   17:08   6.0.5771.28   4,547,136   Store.exe
NOTE: Because of file dependencies, this update requires Microsoft Exchange 2000 Server Service Pack 2.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 3.

↑ Back to the top

More information

In an environment that is mixed (contains Microsoft Exchange Server 5.5 and Exchange 2000) or an environment that was previously mixed, the access control list (ACL) of mailboxes and public folders may contain user accounts that are not represented in Active Directory. Such users are "zombie" users.

Zombie users may cause a problem if the ACL from Exchange Server 5.5 is upgraded to match the NTDS format that is used in Exchange 2000. Exchange 2000 tries to upgrade the ACL each time that the ACL has to be evaluated. If Exchange 2000 encounters a zombie user during the upgrade, the upgrade does not work. Exchange 2000 tries to upgrade the ACL again the next time that Exchange 2000 accesses the ACL. Zombie users can lead to a range of issues, depending upon how prevalent they are in the environment.

If Exchange 2000 encounters a zombie user during the ACL upgrade, the following warning message is logged. Administrators can use this warning message to identify the object and user account that are in a zombie state:
Event Type: Warning
Event Source: MSExchangeIS Mailbox Store
Event ID: 9551
Description:
An error occurred while upgrading the ACL on folder [MBX:User1]/Calendar located on database "Server1\Mailbox Store 1 (server)". The Information Store was unable to convert the security for /O=ORGANIZATION/OU=SITE/CN=RECIPIENTS/CN=123456 into an NT Security Identifier. It is possible that this is caused by latency in the Active Directory Service, if so, wait until the user record is replicated to the Active Directory and attempt to access the folder (it will be upgraded in place). If the specified object does NOT get replicated to the Active Directory, use the Microsoft Exchange System Manager or the Exchange Client to update the ACL on the folder manually. The access rights in the ACE for this DN were 0x401.
This warning message is logged only if Exchange 2000 accesses the object and cannot upgrade the ACL. If you are an Exchange administrator, you may want to be proactive and use a utility such as Exmerge.exe to identify all of the zombie users in your environment. Exmerge.exe accesses each folder, which forces an upgrade of ACLs. You typically use an Exchange administrator account to run Exmerge.exe, but if you do so, the event ID 9551 warning message is not logged. The fix that this article describes permits administrators to run a utility such as Exmerge.exe to access each folder and identify zombie users with the event ID 9551 error messages. For additional information about how to use the information store to automatically remove identified zombie users, click the article number below to view the article in the Microsoft Knowledge Base:
318549� XADM: Migrated Exchange Server 5.5 Mailboxes Generate Event ID 9551 Warning Messages for the ACL

↑ Back to the top

Keywords: KB324114, kbfix, kbexchange2000sp3fix, kbexchange2000presp3fix, kbbug, kbqfe, kbhotfixserver

↑ Back to the top

Article Info
Article ID : 324114
Revision : 5
Created on : 2/20/2007
Published on : 2/20/2007
Exists online : False
Views : 240