How to troubleshoot an event ID 9318 message in Exchange Server 2003, in Exchange 2000 Server, and in Exchange Server 5.5 (824054)

MORE INFORMATION

You may experience mail flow issues in Microsoft Exchange Server 5.5, in Microsoft Exchange 2000 Server, and in Microsoft Exchange Server 2003. When you experience this issue, the following events may be logged in the Application log.

Note The error code in the description of the event may vary.Event Type: Warning
Event Source: MSExchangeMTA
Event Category: Interface
Event ID: 9318
Description:
An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 41, Windows 2000/MTA error code: %1. Comms error %2, Bind error %3, Remote Server Name SERVER [MAIN BASE 1 500 %10] (14)Event Type: Warning
Event Source: MSExchangeMTA
Event Category: Security
Event ID: 9297
Description:
The user /o=OrganizationName/ou=AdministratorGroupName/cn=Configuration/cn=Servers/cn=ServerName has caused a security violation. Locality table (LTAB) index: 40. Windows 2000 error code: 0X80070005. [BASE IL MAIN BASE 1 237] (14)Type: Warning
Source: MSExchangeMTA
Category: Interface
Event ID: 9322
Description:
An interface error has occurred. An MtaBindBack over RPC has failed. Locality Table (LTAB) index: 102, NT/MTA error code: 1722. Comms error 1722, Bind error 0, Remote Server Name EMEA28, Protocol String ncacn_ip_tcp:10.44.150.216[2080] [BASE IL INCOMING RPC 36 507] (14) Type: Warning
Source: MSExchangeMTA
Category: Operating System
Event ID: 9215
Description:
A sockets error 10061 on a connect() call was detected. The MTA will attempt to recover the sockets connection. Control block index: 1. [BASE IL TCP/IP DRVR 8 274] (12) Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Connection Manager
Event ID: 4000
Description:
Message delivery to the remote domain 'GUID' failed for the following reason: The remote server did not respond to a connection attempt. For more information about the Microsoft Windows NT, Microsoft Windows 2000 Server, or Microsoft Windows Server 2003 Message Transfer Agent (MTA) error code, type Net HelpMsg ErrorCode at a command prompt.

Scenarios in which an event ID 9318 message may be logged in Exchange Server 5.5

The servers in a site communicate through a firewall that uses NAT

Consider the following scenario:

• Two servers that are running Exchange Server 5.5 Service Pack 4 (SP4) are located in the same site.
• Server1 is in an internal network, 172.x.x.x. Server2 is in external network, 10.x.x.x. The external network is behind a firewall that uses Network Address Translation (NAT).
• NAT is used to translate 10.x.x.x into an internal IP address, 172.x.x.x.

In this scenario, mail may queue on the computer that is behind the firewall until the external server connects to deliver the messages. Additionally, an event ID 9318 message and an event ID 9322 message that includes error code 1722 are logged in the Application log.

The source bridgehead server is not a target bridgehead server for the other end of the Routing Group Connector in Exchange 2000 Server

In Exchange 2000 Server, if a source bridgehead server is not a target bridgehead server for the other end of the Routing Group Connector, MTA may log an event ID 9318 message that contains error code 0. You do not experience mail loss or mail delay. However, you receive confusing warning messages in the Application log.

To resolve this issue, obtain the latest service pack for Microsoft Exchange 2000 Server. For more information, click the following article number to view the article in the Microsoft Knowledge Base: This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.

The total number of databases exceeds 50 for Exchange Server 5.5 servers in Exchange Server 2003 clustered environment

In an Exchange Server 2003 clustered environment that includes Exchange Server 5.5 servers, the MTA service supports a maximum of 50 databases. If the number of databases exceeds 50, an event ID 9318 message is logged in the Application log on Exchange Server 5.5 server.

To work around this issue, either reduce the number of databases or use the workaround that is provided in the following article in the Microsoft Knowledge Base:

MORE INFORMATION

How to troubleshoot an event ID 9318 message

Perform general troubleshooting steps

To troubleshoot this issue, first check network connectivity. To do this, follow these steps:

1. Run a ping command together with the IP address and the server name to contact the server.
2. Run a NET VIEW \\Servername command to verify NetBIOS name resolution.

If these commands fail, you are not connected to the network. To resolve this issue, check the IP address and the WINS, DNS, and Hosts files.

If you are connected to the network, try to verify the user rights and permissions. To do this, run the following command: If this command fails, verify the permissions for the Exchange service account that is being used.

Note If you are running DHCP on the server, you should run ipconfig /release and then run ipconfig /renew.

Verify the service account that is being used by the MTA

To send messages between Exchange Server 5.5 and Exchange 2000 Server or Exchange Server 2003, the Exchange Server 5.5 service account that the MTA uses should have Send As or Receive As permissions on the MTA object of the server that is running Exchange 2000 Server or the server that is running Exchange Server 2003. If the service account does not have these permissions, mail flow between these servers may stop. Additionally, event ID 9318 and 9297 messages are logged on the Exchange 2000 Server server or on Exchange Server 2003 server.

To verify the permissions, follow these steps:

1. On the Exchange 2000 Server server or on the Exchange Server 2003 server, start Registry Editor.
2. Locate and then click the following key in the registry: HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin
3. On the Edit menu, click Add Value, and then add the following registry entry:

   Value Name: ShowSecurityPage
   Type: REG_DWORD
   Base: Hexadecimal
   Value: 1

4. Exit Registry Editor.
5. On the Exchange 2000 Server server or on the Exchange Server 2003 server, start Exchange System Manager.
6. Click the administrative group that is indicated in the event ID 9297 message.
7. Click the server on which the event ID 9297 is logged in the Application log.
8. Click the Protocols container.
9. Click the X.400 object, and then click Properties.
10. Make sure that the Exchange Server 5.5 service account has Send As permissions and Receive As permissions.
11. Restart the Microsoft Exchange MTA service on the Exchange 2000 Server server or on the Exchange Server 2003 server.

Confirm the password that is sent by the MTA

If two Exchange Server 5.5 sites are located in untrusted Microsoft Windows NT domains and if a site connector is used to connect the two sites, make sure that the password that is being sent by the MTA does not expire. When the password that is used by the MTA expires, the MTA on each end of a site connector stops delivering messages. And, an event ID 9318 message that has error code 1330 is logged in the Application log.

To work around this issue, change the password for the user account in both domains. Then, type the new password on the Override tab in the properties of each site connector.

For example, this issue may occur in the following scenario. You create a user account in two domains. You give both accounts the same password. Then, you give the account Service Account Admin permissions for the Organization, Site, and Configuration objects in both sites. You add the account to the Override tab in the properties of each site connector. The Password Never Expires check box in the user account properties is not selected. In this scenario, the password eventually expires. Therefore, an event ID 9318 message that has error code 1330 is logged in the Application log.

Verify that fully qualified domain name (FQDN) resolution is working

If Exchange Server 5.5 Service Pack 3 (SP3) build 2651.75 or later is installed on the server, the MTA requires fully qualified domain name (FQDN) resolution to operate. Exchange uses Domain Name System (DNS) or Hosts files to perform FQDN. However, in earlier builds of the MTA, the bindback endpoint is an IP address and a port number. The remote MTA ignores the bindback endpoint and uses the address from which the packet came.

For more information about the possible causes of FQDN failure and how to verify that FQDN resolution is working, click the following article number to view the article in the Microsoft Knowledge Base:

Make sure that the computer has sufficient RAM

If the computer has insufficient available RAM, the MTA does not deliver messages over a dynamic Remote Access Service (RAS) connector, over an X.400 connector, or over a site connector or during intrasite communication. To determine whether you are experiencing this issue, follow these steps:

1. Set the MTA diagnostic logging level to Maximum for Field Engineering and for X.400 Service categories. Then, review the Application log to see whether an event ID 9322 message and an event ID 9318 message that has error code 14 are logged.
2. Run the RPC ping command, and then see whether the following message is logged:-RpcServerUseProtSeqEp returned a status 0xE

To resolve this issue, examine the computer's available RAM by using either Performance Monitor or Task Manager, and then close programs to make more RAM available. If the computer still has insufficient RAM after you restart the computer, you must add more RAM to your computer.