Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Event ID 9317 is logged when the Microsoft Exchange System Attendant service comes online on an Exchange 2007 cluster node


View products that this article applies to.

Symptoms

You have a Microsoft Exchange Server 2007-based cluster environment. When the Microsoft Exchange System Attendant service comes online on a cluster node, the following events are logged in the Application log:

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date: <date>
Time: <time>
User: N/A
Computer: <computername>
Description:
Failed to register Service Principal Name for exchangeRFR; error code was c0072098.

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date: <date>
Time: <time>
User: N/A
Computer: <computername>
Description:
Failed to register Service Principal Name for exchangeMDB; error code was c0072098.

↑ Back to the top


Workaround

To work around this problem, use the Add-ADPermission command to add permissions to an Active Directory object on a server on which the Exchange Management Shell is installed. To do this, follow these steps.

Note You must use an account that has permissions to modify computer account objects in Active Directory.
  1. Run the following command in the Exchange Management Shell.
    add-ADPermission -Identity "cn=exchange-cms,cn=computers,dc=mydomain,dc=com" -User "node-cl1$" -AccessRights WriteProperty -Properties "Validated-SPN"
    Note The -Identity parameter specifies the identity of the object to which the permissions are being granted. The -Identity parameter requires the full name of the user in quotation marks. The "cn=exchange-cms,cn=computers,dc=mydomain,dc=com" placeholder is the clustered Exchange mailbox server distinguished name. The -User parameter specifies the object to which the permissions are being granted. The "node-cl1$" placeholder is the name of the cluster node followed by the dollar sign to specify that it is a computer object.
  2. Replace the value of the -User parameter with the next cluster node, and then run the add-ADPermission command again.

    Note You must run the add-ADPermission command one time for each node in the Exchange 2007 cluster.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

A service principal name (SPN) is a unique name that identifies an instance of a service. An SPN is associated with the logon account under which the service instance runs. Kerberos authentication will fail for Exchange Server services if the SPNs cannot be configured correctly.

↑ Back to the top


Keywords: KB935676, kbtshoot, kbexchcluster, kbexpertiseinter, kbprb

↑ Back to the top

Article Info
Article ID : 935676
Revision : 1
Created on : 4/17/2007
Published on : 4/17/2007
Exists online : False
Views : 311