One or more servers in an Exchange Server routing group cannot connect to the routing group master (924173)


The information in this article applies to:

  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange 2000 Server
  • Microsoft Exchange 2000 Enterprise Server

SYMPTOMS

You may experience one or more of the following symptoms in a Microsoft Exchange Server organization:
  • All the servers in a particular routing group cannot connect to the routing group master. Also, the routing group master cannot connect to itself.
  • A particular server in the routing group cannot connect to the routing group master.
  • The following event may be logged in the Security log:Event ID: 534
    Event Source: Security
    Event Category: Logon/Logoff
    Event Type: Failure
    User: NT Authority\System
    Computer: ServerName
    Description: The user has not been granted the requested logon type at this machine
    username: ServerName$
    Domain: Intra
    Logon type: 3
    Logon process: ntlmssp
  • If you use the Regtrace tool to obtain routing information from the affected Exchange server, the resultant trace file contains the following information from DMON.CPP:

    fConnectedToMaster=0

CAUSE

This problem may occur if the Authenticated Users group has been removed from the Access this computer from the network user right.

RESOLUTION

To resolve this problem, grant the Authenticated Users group the Access this computer from the network user right. To do this, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Expand Local Policies, and then click User Rights Assignment.
  3. In the right pane, double-click Access this computer from network.
  4. In the Local Security Policy Setting dialog box, look for Authenticated Users in the Assigned To list.

    If this item does not appear in the list, add the Authenticated Users group. To do this, follow these steps:
    1. Click Add, type authenticated users, click Check Names, and then click OK.
    2. In the Assigned To box, click to select the Local Policy Setting check box that is displayed next to Authenticated Users.
    3. Click OK.
  5. Exit the Local Security Settings MMC snap-in.
  6. Update the local security policy on the computer. To do this, click Start, click Run, type secedit /refreshpolicy machine_policy /enforce, and then click OK.
  7. Follow steps 1 through 6 on every computer that is a member of the routing group to verify that the Authenticated Users group has the Access this computer from the network user right assigned.

MORE INFORMATION

For the routing group master to connect to itself, the Authenticated Users group requires the Access this computer from the network user right. Additionally, all the computers in the Exchange organization that are running Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 require this user right assignment. This user right assignment is required to let the routing group master transfer routing group packets to the other Exchange servers. These packets are transferred by using a push operation from the routing group master over port 691.

For more information about how to determine which server is configured as the routing group master, click the following article number to view the article in the Microsoft Knowledge Base:

239556 How to change the role of a server within a routing group

For more information about the Regtrace utility, click the following article number to view the article in the Microsoft Knowledge Base:

238614 How to set up Regtrace for Exchange 2000

For more information about how to configure a routing group connector, click the following article number to view the article in the Microsoft Knowledge Base:

319416 How to use routing group connectors to connect routing groups in Exchange 2000

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

842026 Routing status information is not propagated correctly to all servers in Exchange 2000 Server or in Exchange Server 2003

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

914255 How to use the Remonitor tool to clear the cache for the routing engine in an Exchange Server 2003 organization or in an Exchange 2000 Server organization

Modification Type:MinorLast Reviewed:9/14/2006
Keywords:kbEventLog kbenv kbprb KB924173 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.