Information Store database does not mount with Event ID 9519 and 9518

After you apply a version of Store.exe that is later than 06.05.7651.26 on a computer that is running Microsoft Exchange Server 2003, you experience the following symptoms:

• You can no longer mount any of the Exchange databases.
• The following events are logged in the Application log:
  
  Event ID 9519

  Event Type: Error
  Event Source: MSExchangeIS
  Event Category: General
  Event ID: 9519
  Date: date
  Time: time
  User: N/A
  Computer: ServerName
  Description: Error 0x89a starting database "First Storage Group\Mailbox Store" on the Microsoft Exchange Information Store.
  For more information, click http://www.microsoft.com/contentredirect.asp.
  Data: 0000: 46 61 69 6c 65 64 20 74 Failed t
  0008: 6f 20 63 6f 6e 66 69 67 o config
  0010: 75 72 65 20 4d 44 42 00 ure MDB.

  Event ID 9518

  Event Type: Error
  Event Source: MSExchangeIS
  Event Category: General
  Event ID: 9518
  Date: date
  Time: time
  User: N/A
  Computer: ServerName
  Description: Error 0x89a starting Storage Group /DC=com/DC=domain/CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=Org Name/CN=Administrative Groups/CN=AdminGroupName/CN=Servers/CN=ServerName/CN=InformationStore/CN=First Storage Group on the Microsoft Exchange Information Store. MDB failed to start.

For more information about hotfix 926666, click the following article number to view the article in the Microsoft Knowledge Base: Note The hotfix that is contained in 926666 is a version of Store.exe that is higher than 06.05.7651.26. Therefore, you may experience this issue after you apply that fix.

This problem may occur if the Microsoft Exchange Information Store service experiences an ecAmbiguousAlias error when enumerating the groups and users that are assigned permissions to the store databases objects in Active Directory. The error occurs when a security identifier (SID) cannot be resolved to a single user. In this scenario, the SID is present in the security descriptor of the database object that will not mount. The SID cannot be resolved to a single user if one of the following conditions is true:

• The SID is for a well-known user or group, and more than one domain exists in the forest. Therefore, duplicate objectSID objects are created.
• Two or more of the following objects have matching or conflicting values:
  • objectSID
  • msExchMasterAccountSid
  • sIDHistory
  These three attributes must be unique within the forest.

To work around this problem, first check the permissions in the Exchange environment to make sure that no well-known accounts or groups have been defined to the permissions of the Exchange stores. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Look for well-known objects

Search through the Exchange permissions for well-known objects that are defined on the permissions of the Exchange objects. To do this, follow these steps: Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

1. Start Exchange System Manager.
2. Right-click the organization name, and then click Delegate control.
3. Follow the steps in the Exchange Administration Delegation Wizard to remove all the well-known objects from the Users and groups list. For example, remove the Builtin\Administrators group and so on.
4. In Exchange System Manager, expand Administrative Groups, right-click the administrative group, and then click Delegate control.
5. Follow the steps in the Exchange Administration Delegation Wizard to remove all the well-known objects from the Users and groups list.
6. Start the ADSI Edit tool, and then verify that each store on the server has the Allow inheritable permissions from the parent to propagate to this object and all child objects check box selected. To do this, follow these steps.
   
   Note The ADSI Edit tool is included with the Windows Support Tools. To install the Windows Support Tools, double-click SUPTOOLS.MSI in the Support\Tools folder on the Microsoft Windows Server 2003 CD.
   1. Click Start, click Run, type adsiedit.msc, and then click OK.
   2. Expand Configuration [domainControllerName.domain.com].
   3. Expand CN=Configuration, DC=domain,DC=com.
   4. Expand CN=Services.
   5. Expand CN=Microsoft Exchange.
   6. Expand CN=OrganizationName.
   7. Expand CN=Administrative Groups.
   8. Expand CN=AdministrativeGroupName.
   9. Expand CN=Servers.
   10. Expand CN=ServerName
   11. Expand CN=InformationStore, and then click CN=StorageGroupName.
   12. In the results pane, right-click CN=Mailbox Store (ServerName), and then click Properties.
   13. Click the Security tab, and then click Advanced.
   14. Verify that the Allow inheritable permissions from the parent to propagate to this object and all child objects check box is selected, and then click OK two times.
   15. In the results pane, right-click CN=Public Folder Store (ServerName), and then click Properties.
   16. Click the Security tab, and then click Advanced.
   17. Verify that the Allow inheritable permissions from the parent to propagate to this object and all child objects check box is selected, and then click OK two times.
7. Exit the ADSI Edit tool, and then stop and restart the Microsoft Exchange Information Store service.
   
   Note Sometimes, you may have to restart the server for these settings to take effect.

Conflicting SIDs in other attributes

If you have removed all well-known users from the permissions and restarted the server, and the issue continues, the problem is probably caused by a conflicting value in two of the following objects:

• objectSID
• msExchMasterAccountSid
• sIDHistory

Currently there is no easy method to determine which two objects have these conflicting values. We recommend that you use one of the following methods:

• Remove all non-default groups and users from the permissions for the Organization and Administrators group levels.
• Contact Microsoft to help you determine which two objects are conflicting and to help you resolve the issue. To contact Microsoft, visit the following Microsoft Web site:
  http://support.microsoft.com/contactus/?ws=support

A hotfix has been released to resolve this problem. Knowledge Base article 930241 describes this hotfix. This hotfix provides the following changes:

• Well-known group objects will be ignored.
• When two objects are returned by the SID search, you will only receive an error message.

For more information about this hotfix, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. We are working on a hotfix to resolve this issue.