Potential Permissions Problems Found

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2006-05-17

The Microsoft® Exchange Server Analyzer Tool queries the Win32_NTLogEvent Microsoft Windows® Management Instrumentation (WMI) class to determine whether the following Exchange Server Error Events have occurred in the past 24 hours:

  • Event 929.

  • Event 9035.

  • A combination of Events 9003, 9004, and 6004.

Exchange Server Error event 929 can occur because of incorrect access permissions on the Exchange Server objects in the Active Directory® directory service.

Exchange Server Error events 9003, 9004, and 6004 indicate that messages are being trapped in the message categorizer. The message categorizer is a component of the advanced queuing engine that sends Lightweight Directory Access Protocol (LDAP) queries to the global catalog server to perform directory lookups.

The Exchange Server Analyzer also queries Active Directory to determine whether the attributes of the objects related to Exchange indicate that there are permissions-inheritance problems for those objects.

The Exchange Server Analyzer displays an error if the following conditions are true:

  • One of the following Events or combination of Events has been logged in the last 24 hours on a server that has queued messages in its Messages awaiting directory lookup queue:

    • Event 929.

    • Event 9035.

    • The combination of Events 9003, 9004, and 6004.

  • Objects related to Exchange have missing or incorrect access permissions.

This error means that there are permissions-inheritance problems in the Exchange environment that can cause mail to queue.

To resolve this problem, follow the steps in Microsoft Knowledge Base article 907969, "Event ID 929 is logged, and mail is not delivered from one mail server to another mail server in an Exchange 2000 Server organization" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=907969).

For more information about Exchange Server 2003 events and errors, see the "Events and Errors Message Center" (http://go.microsoft.com/fwlink/?LinkId=34258).