Topic Last Modified: 2007-02-15
The Microsoft Exchange Analyzer Tool queries the Win32_NTLogEvent Microsoft Windows Management Instrumentation (WMI) class to determine whether an Event 9551 error has been logged for MSExchangeIS within the last hour.
If the Exchange Analyzer finds that an Event 9551 error has been logged in the last hour, the Exchange Analyzer then counts the total number of Event 9551 errors that have been logged for that hour.
Finally, if the Exchange Analyzer finds that an Event 9551 error has been logged 20 or more times in the last hour, the Exchange Analyzer displays a warning.
This error indicates that there may be user accounts that appear in an access control list (ACL) for a mailbox resource or public folder but are not associated with valid Active Directory directory service objects.
A mailbox that is on a server that is running Microsoft Exchange Server 2003 or Exchange 2000 Server must be represented in Active Directory by a valid Active Directory directory service user account to be accessible.
An account without valid representation in Active Directory can be created if the Exchange 2000 Server or Exchange Server 2003 mailbox resource or public folder is not updated after a mailbox is deleted on the Exchange Server 5.5-based computer.
If the deleted mailbox account remains on the ACL of a mailbox resource or public folder, every time that mailbox resource or public folder is accessed and Exchange tries to resolve the accounts listed, the account with no valid representation in Active Directory cannot be resolved. This process can manifest itself as a performance issue.
To address this issue:
- Make sure that Exchange 2000 Server Service Pack 3 (SP3)
or a later version is installed. To obtain the latest Exchange
2000 Server Service Pack, see Microsoft Knowledge Base article
301378, "How to obtain the latest Exchange 2000 Server service
pack" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=301378).
- Use Exchange System Manager to manually remove the invalid
mailbox accounts from the ACL.
- If the Exchange environment is in Exchange Mixed Mode, run the
DS/IS consistency checker against the information store.
- If the Exchange environment is in Exchange Native Mode, follow
the guidance in Microsoft Knowledge Base article 324323, "XADM:
Skipping User Accounts That Are Not Represented in Active Directory
During Access Control List Conversion" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=324323).
-
Start Exchange System Manager and locate the folder identified by the 9551 error.
-
Right-click the folder and select Properties.
-
Select the Permissions tab and then click Client Permissions.
-
In the Name pane, select the user account identified by the 9551 error and then click the Remove button to remove the account from the ACL.
-
In the Exchange Server 5.5 Administrator program, click the Exchange 5.5 Server computer that contains the information store.
-
On the File menu, click Properties, and then click the Advanced tab.
-
Click Consistency Adjustment.
-
Click to select the Remove unknown user accounts from public folder permissions and the Remove unknown user accounts from mailbox permissions check boxes, and then click All Inconsistencies.
-
Click to clear all other check boxes, and then click OK
For More Information
For more information about this issue, see the following Microsoft Knowledge Base articles and Exchange Server Resources:
- Events and Errors Message Center: Event Details: MSExchangeIS
Mailbox Store Event 9551 details (http://go.microsoft.com/fwlink/?LinkId=83189).
- Microsoft Knowledge Base article 301378, "How to obtain the
latest Exchange 2000 Server service pack" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=301378).
- Microsoft Knowledge Base article 324323, "XADM: Skipping User
Accounts That Are Not Represented in Active Directory During Access
Control List Conversion" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=324323).