Topic Last Modified: 2007-01-09

The Microsoft® Exchange Server Analyzer Tool queries the Win32_Service Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Started key for the Microsoft Exchange System Attendant service. A value of False indicates that the Exchange System Attendant service is not running. A value of True indicates that the Exchange System Attendant service is running.

The Exchange Server Analyzer also examines the Exchange_Server WMI class in the root\MicrosoftExchangeV2 namespace to determine the value for the IsFrontEndServer key. A value of False indicates that the Exchange Server computer is not a front-end server. A value of True indicates that the Exchange Server computer is a front-end server.

If the Exchange Server Analyzer finds the value for the Started key is set to False on an Exchange Server computer that is not a front-end server, a warning is displayed.

Generally, most Exchange servers will have the System Attendant service running at all times. However, sometimes running the System Attendant service is not required. For example, on an Exchange 2000 Server or Exchange Server 2003 front-end server, the System Attendant service is required only for making configuration changes to the server.

Exchange Server stores all its configuration information in the Active Directory® directory service, including information about recipient policies, Simple Mail Transfer Protocol (SMTP) virtual server configuration, remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP) settings, and user mailboxes. However, SMTP reads its settings from the Internet Information Services (IIS) metabase. To populate the IIS metabase with the information Exchange needs for SMTP and RPC over HTTP functionality, the directory service to metabase (DS2MB) component of the System Attendant replicates the configuration information from Active Directory to the IIS metabase. If the System Attendant is not running, changes made to Exchange Server configuration settings that are stored in Active Directory will not be copied to the Exchange Server IIS metabase. If configuration changes are not being made, and if SMTP messages are not being processed, the System Attendant service can remain in a stopped state.

If you do have configuration changes to make, start the System Attendant service, make the configuration changes, and then wait for those changes to be replicated to the IIS metabase. To determine whether the changes have been replicated from Active Directory to the IIS metabase, check for the presence of three entries in the application event log of the Exchange server that have an event source of MSExchangeMU and an event ID of 1005. These events will be logged after a successful DS2MB replication. As soon as these events are logged, you can stop the System Attendant service.

Unless SMTP is being used on an Exchange 2000 Server or Exchange Server 2003 front-end server, the recommended configuration is to stop the System Attendant service and then set it to disabled. On Exchange 2000 Server or Exchange Server 2003 front-end servers that use SMTP, and on all other Exchange Server computers, the Exchange System Attendant service must be running to be able to deliver messages, service SMTP and mailbox store transactions, and perform DS2MB replication.

The Exchange System Attendant service should always be running on back-end servers and any other Exchange servers that contain mailboxes or public folders.

To correct this warning

  1. Open the Services Microsoft Management Console (MMC) snap-in.

  2. In the right pane, scroll down to the Microsoft Exchange System Attendant service and double-click it. This will display the System Attendant Service Properties dialog box.

  3. Set the value in the Startup type drop-down menu to Automatic.

  4. Click Start to start the System Attendant service.

  5. Click OK to save the changes and close the System Attendant Service Properties dialog box.

  6. Close the Services snap-in.

For more information about disabling the System Attendant service and securing Exchange Servers, see "Securing Exchange 2000 Servers Based on Role" (http://go.microsoft.com/fwlink/?linkid=35585).