Wednesday, March 22, 2006

Exchange 9548 warnings getting you down?

[Update! This patch is only for E2K3 SP1. The KB article was not clear no this. An SP2 version is in the works.]
One "conventional wisdom" path when it comes to users that have left your company is that you should disable their Windows acccount for some period of time after they leave the company. That helps cover the "Oh shoot!" factor when someone needs tha mailbox or the user suddenly returns to their job and wonders what happened to their e-mail.

However, when you do this, it "disables" the mailbox, too. And you start getting event ID 9548 errors each time that mailbox is accessed or a message delivery to that mailbox is attempted.

The 9548 warning message may have the user's legacyExchagneDN attribute or it may their SMTP address such as the one shown below.

Event Type: Warning
Event Source: MSExchangeIS
Event Category: General
Event ID: 9548
Date: 3/22/2006
Time: 8:06:34 AM
User: N/A
Computer: CTAHNL1
Description:Disabled user mtownley@somorita.com does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.

The behavior is by design and is supposed to let you know when a mailbox does not have a valid security principal. However, all it usually does is fill up the event logs with a lot of unnecessary warning messages. The good news is that Microsoft has gotten tired of hearing us whine and has released a hot fix to change the behavior.

See Microsoft KB 903158: "A hotfix is available to modify the way that Exchange Server 2003 handles a disabled Active Directory user account that is associated with an Exchange Server 2003 mailbox" for more information. You should be able to call your regional PSS center and ask for a hotfix without being charged, just let the call center know that you understand the that the fix has not been fully regression tested and that you will test it first. (You will test it, won't you?)

Thanks to Exchange MVP Ben Winzenz for pointing this new fix out!

2 Comments:

At 11:56 AM, Blogger Devin L. Ganger said...

As I noted on my blog, this patch currently only applies to Exchange Server 2003 SP1 -- if you've got SP2, it won't apply (but the fix isn't in SP2). An SP2 version of the patch is coming, according to the Exchange team.

 
At 2:16 PM, Blogger Jim McBee said...

Hiya Devin! Yep, I found out the same thing when I started digging in to the patch. The KB article is not clear on that. :-(

 

Post a Comment

<< Home