MOM 2005, when deployed together with Exchange Management Pack for Exchange Server 2003, uses a verification logon script to verify mailbox availability on servers that are running Exchange Server 2003.
MOM 2005 logs on to monitored mailboxes by using a mailbox access account that has been granted rights to those mailboxes. MOM 2005 does this
by decrypting a copy of the mailbox access account�s credentials that have been stored in the Exchange
server�s registry. The credentials are encrypted and written to the registry by using
either the ExchangeMOMSetCredentialUtility utility or the Exchange Management Pack Configuration Wizard.
Before the encrypted credentials can be stored in the registry on the Exchange
server, a registry key must be generated by a DCOM application. The DCOM application is triggered by the "Exchange - Publish ExMP Data" script. When the script runs successfully and the registry key is generated, the following MOM event is logged for the associated Exchange server. This event can be viewed in the Operator Console of MOM 2005:
Description: Successfully published Exchange Management Pack data required for
performing MAPI logon on Exchange server: "Server_NAME"
This event was generated by the script: "Exchange - Publish ExMP Data"
Domain: Domain_Name
Computer: Exchange_Server_Name
Time: Date Time
Type: Information
Provider Name: Script-generated
Data
Event Number: 9986
Provider Type: Generic Provider
Source: Exchange MOM
MOM may not log event 9986 for several reasons. This article describes how to troubleshoot the issue when event 9986 is not logged on the MOM server.
Issue: The registry key is not present
One reason that event 9986 is not logged for an Exchange server is that the registry key is not present on the Exchange server. In this case, the mailbox access account credentials will not be encrypted and stored.
If this is the case, you will receive the following error message when you run the Exchange Management Pack Configuration Wizard:
Error: Cannot configure the mailbox access account on computer <servername>. This
configuration can only be made after the Exchange MOM event 9986 is registered by
MOM.
You can also manually verify the registry by looking for the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExMPLS
Troubleshooting
If the registry key is not present, you must first determine what failure is
preventing the registry key from being generated. The "Exchange - Publish ExMP Data" script may
generate other MOM events instead of event 9986 for the Exchange server. These events indicate what the problem is.
For example, the following events may be generated in the MOM event log.
- The following event indicates that the DCOM application that is used to create the registry key failed during execution.
- In the Exchange 2000 Management Pack on MOM 2000 with Service Pack 1 (SP1)
Event Number 9970
Type: Error
Source: Exchange MOM
Description: Failed to publish Exchange Management Pack data required for
performing MAPI logon on Exchange server Server_Name
- In the Exchange 2003 Management Pack on MOM 2000 SP1 or MOM 2005
Event Number 10000
Type: Error
Source: Exchange MOM
Description: Failed to publish Exchange Management Pack data required for
performing MAPI logon on Exchange server:"SERVER_NAME". This event was generated by the script: "Exchange - Publish ExMP Data".
- The following event indicates that the DCOM application that was used to create the registry key is not installed or is not registered:
- In the Exchange 2000 Management Pack on MOM 2000 SP1
Event Number 9972
Type: Error
Source: Exchange
MOM
Description: Failed to create the object 'ExchKP.PubKeyPublisher'
- In the Exchange 2003 Management Pack on MOM 2000 SP1 or MOM 2005
Event Number 10001
Type: Error
Source: Exchange MOM
Description: Failed to create the object 'EMPKP.PubKeyPublisher'. This event was
generated by the script: "Exchange - Publish ExMP Data"
Note These events do not appear as alerts in MOM. Therefore, you must specifically look for
these events.
After you confirm the type of event that is logged, you can continue troubleshooting. However, if these events are not logged, you must verify
that the "Exchange - Publish ExMP Data" script is running without failure on the
Exchange server. This script is called from the following two rules:
- Daily Agent Mailbox data generation
- Publish data for Agent Mailbox impersonation
By default, the first rule runs every day at 2:00 A.M. (02:00). The second rule is called whenever the �Check mailbox store availability - MAPI logon test� rule runs. If the rule determines that an Exchange server does not have the ExMPLS registry key, the rule generates event 9987.
If these rules do not run, or if the script does not run, troubleshoot
accordingly.
About the DCOM helper objects
MOM and the Exchange Management Pack require several DCOM applications to run on the Exchange server to implement various monitoring tasks and functions. These
applications are delivered to the Exchange server through DCOM helper objects that
are installed and registered on the server.
The helper objects are called by Exchange Management Pack
scripts as needed. Which DCOM object is responsible for publishing the mailbox access account credential
storage registry key depends on the version of MOM and of Exchange that you are running.
The helper objects for Exchange 2000 and MOM 2000 SP1
The Exchange 2000 helper objects for MOM 2000 SP1 are the ExchKP.exe file and the ExchKPps.dll file.
MOM installs these files on the Exchange 2000 server when the Exchange
Management Pack is deployed and when the associated rules are pushed out to the Exchange
agent servers. These files are installed in the C:\Program Files\Microsoft Operations
Manager 2000\OnePoint folder.
The helper object for Exchange 2000 and MOM 2005
The Exchange 2000 helper object for MOM 2005 is the Empkp.exe file. This file is also pushed
out to the Exchange agent server by MOM when the Exchange Management Pack for MOM 2005 is deployed. The file is installed in the C:\Program Files\Common Files\Exchange 2000 Management Pack Objects folder.
The helper object for Exchange 2003 and MOM 2000 SP1 or MOM 2005
The Exchange 2003 helper object is the Empkp.exe file. This file is copied to an Exchange Server 2003 server during
setup. This file can be verified from the following entries in the Exchange Server Setup Progress.Log file:
[18:22:01] Copying c:\program files\exchsrvr\bin\empkp.exe
[18:34:03] Interpreting line <CreateProcess:C:\Program
Files\Exchsrvr\bin;"C:\Program Files\Exchsrvr\bin\empkp.exe" /regserver;60000> --
ID:31259 --
[18:34:03] Process created ... waiting (60000)
[18:34:03] Process has exited with 00000000
Whether the Empkp.exe file is registered does not depend on the deployment of MOM or of the Exchange Management Pack. Any Exchange Server 2003 server should have Empkp.exe registered in the registry during setup.
Troubleshooting
The first and most useful step in troubleshooting is to confirm the presence of
the helper objects in the locations that were just described. If the helper objects are not present on the server, they can be copied from another source to the appropriate location on the
server, depending on the versions of Exchange Server and of MOM that you are running.
The second step in troubleshooting is to determine whether the DCOM application is registered and is available.
Verify that the ExchKP.exe file or the Empkp.exe file are registered on an Exchange server that is running Microsoft Windows 2000 Server
To locate the ExchKP.exe file or the Empkp.exe file, follow these steps:
- On the affected Exchange server, click Start, click Run, type dcomcnfg, and then
click OK.
- When the Distributed COM Configuration Properties application opens, click the
Applications tab.
- Locate the ExchKP or the EMPKP object in the Applications list.
Verify that the Empkp.exe file is registered on an Exchange Server 2003 server that is running Microsoft Windows Server 2003
To locate the Empkp.exe file, follow these steps:
- On the affected Exchange Server 2003 server, click Start, click Run, type dcomcnfg, and then
click OK.
- When the Component Services application opens, locate Component Services\Computers \My Computer\DCOM Config.
- Locate the EMPKP object.
If the ExchKP.exe file or the Empkp.exe file are not registered successfully, and the DCOM application does not
exist, the DCOM application can be registered manually.
How to manually register the ExchKP.exe file
- Open a command prompt, and then move to the directory in which the ExchKP.exe file and the ExchKP.dll file are located.
- Type ExchMP /regserver, and then click OK.
- Type ExchMP /regsvr32, and then click OK.
- Look for the ExchMPobject by following the previously described procedure.
How to manually register the Empkp.exe file
- Open a command prompt, and then move to the directory in which the Empkp.exe file is located.
- Type EMPKP /regserver, and then click OK.
- Look for the EMPKPobject by following the previously described procedure.
Issue: The DCOM application does not run
If the DCOM application is registered but will not start, an event
is generated in the System event log on the Exchange server. This event is generated every time that
the "Exchange - Publish ExMP Data" script runs. The event may be similar to the
following event:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10000
Date: Date
Time: Time
User: NT AUTHORITY\LOCAL SERVICE
Computer: Exchange_Server_Name
Description: Unable to start a DCOM Server: {94A6DCD0-B6F5-40E8-8C9D-CEE2C7796380}.
The error: "Drive_Letter:\Program Files\Exchsrvr\BIN\empkp.exe -Embedding is not a valid Win32
application.� Happened while starting this command: Drive_Letter:\Program
Files\Exchsrvr\BIN\empkp.exe -Embedding
Troubleshooting
Usually, this issue occurs because the "Exchange - Publish ExMP Data" script cannot locate the DCOM application executable (.exe) file. Look in the registry for the following registry keys and values:
ExchKP.exe on Exchange 2000
HKEY_CLASSES_ROOT\CLSID\{E3D2F927-69FA-4EFD-8D05-8726EF540A06}\LocalServer32
EMPKP.exe on Exchange 2000 or on Exchange 2003
HKEY_CLASSES_ROOT\CLSID\{94A6DCD0-B6F5-40E8-8C9D-CEE2C7796380}\LocalServer32
This registry key should contain a REG_SZ value that contains the path of the Empkp.exe file or the ExchKP.exe file, respectively. For example, the expected default value of the registry entry should be similar to the following value:
C:\PROGRA~1\Exchsrvr\bin\empkp.exe
Verify that this file is located in the path that is specified.
Issue: The ExchKP.PubKeyPublisher object is not created
If the DCOM application is registered, but the ExMPLS registry key is not generated
the next time that the "Exchange - Publish ExMP Data" script runs, there may be an
underlying DCOM permissions issue. This issue prevents the script from creating the
ExchKP.PubKeyPublisher object. This issue generates
event 9972 or event 10001 in MOM, depending on the version of Exchange Server that you are running.
Troubleshooting
To test whether the script is creating the ExchKP.PubKeyPublisher object, save the following three lines of code as a .vbs script file, and then run the file from the affected Exchange server.
Exchange 2000 and MOM 2000 SP1
Set oKeySet=CreateObject("ExchKP.PubKeyPublisher")
ErrID=oKeySet.Publish()
Msgbox ErrID
Exchange 2000, or Exchange 2003 and MOM 2005
Set oKeySet=CreateObject("EMPKP.PubKeyPublisher")
ErrID=oKeySet.Publish()
Msgbox ErrID
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
274696�
Actions such as search and drag and drop do not work because the default access permissions have been changed in the Dcomcnfg.exe tool
Conclusion
As soon as the DCOM helper object is registered and is running, the "Exchange - Publish ExMP Data" script can successfully run and generate the registry key that is used to store the
encrypted credentials of the mailbox access account. If event 9986 has been logged on the MOM server
for the associated Exchange server, the ExMPLS registry key should now be present on the Exchange server.
This registry key will hold the REG_BINARY value named DATA0. The DATA0 value holds the binary data that represents the public key BLOB of the mailbox access account credentials. When you see this registry key and this value, the Exchange server is ready to store the encrypted credentials
for the mailbox access account.
The next step is to run the Exchange Management Pack Configuration Wizard or the ExchangeMOMSetCredentialUtility utility
to encrypt and to write the mailbox access account credentials to the registry. The domain, user name, and
password for the mailbox access account are written to the ExMPLS registry key when the credentials are successfully stored.
The values to which the registry key is written are DATA1, DATA2, and DATA3, respectively.