The Microsoft Exchange System Attendant cluster resource does not come online and Event ID 9154 is logged on a server cluster that is running Exchange Server 2003

After you configure a server cluster that is running Microsoft Exchange Server 2003, you experience all the following symptoms:

• The Microsoft Exchange System Attendant cluster resource does not successfully come online.
• The following event is logged in the Application log:

  Event ID : 9154
  Event Category : General
  Event Source : MSExchangeSA
  Event Type : Error
  Date: date
  Time: time
  User: N/A
  Computer: ComputerName
  Description: DSACCESS returned an error '0x80040920' on DS notification. Microsoft Exchange System Attendant will re-set DS notification later.
  For more information, click http://search.support.microsoft.com/search/?adv=1.

• You run the ExchDump tool to gather information about the configuration from the Exchange Server implementation. When you do this, you notice that the dump file that is generated contains the following information:

  Exchange Domain Servers" may have insufficient rights to the MSExchConfigurationContainer object

This issue may occur when the Exchange Domain Servers group does not have Read permissions for the MSExchConfigurationContainer object in the Active Directory directory service. The error code 0x80040920 that is mentioned in the Description line of the Event ID 9154 message corresponds to the following error message: You may experience this issue if the Exchange Server domain preparation operation (Setup.exe /domainprep) was unable to set this attribute.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
To resolve this issue, give the Exchange Domain Servers group Read permissions for the MSExchConfigurationContainer object. To do this, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

1. Start the Active Directory Service Interfaces (ADSI) Edit tool. To do this, click Start, click Run, type adsiedit.msc in the Open box, and then click OK.
   
   Note This tool is included with the Windows Support Tools. To install the Windows Support Tools on a computer that is running Microsoft Windows 2000, double-click Setup.exe in the Support\Tools folder on the Windows 2000 CD.
   
   To install the Windows Support Tools on a computer that is running Microsoft Windows Server 2003, double-click SUPTOOLS.MSI in the Support\Tools folder on the Windows Server 2003 CD.
2. Connect to a domain controller if the ADSI Edit tool is not already connected. To do this, follow these steps:
   1. In the left pane, right-click ADSI Edit, and then click Connect to.
   2. In the Connection dialog box, click Naming Context, click Configuration Container in the Naming Context list, and then click OK.
3. Expand Configuration Container [computername.contoso.com], expand CN=Configuration,DC=contoso,DC=com, and then expand CN=Services.
4. Right-click CN=Microsoft Exchange, and then click Properties.
5. In the CN=Microsoft Exchange Properties dialog box, click the Security tab.
6. In the Name list, verify whether Exchange Domain Servers appears. If this group does not appear in the Name list, add this group to the list.
7. Click Exchange Domain Servers, and then click to select the Read check box in the Allow column of the Permissions list.
8. Click OK, and then close the ADSI Edit tool.
9. Restart the Microsoft Exchange System Attendant resource.

For more information about how to obtain and use the ExchDump tool, click the following article number to view the article in the Microsoft Knowledge Base: