No Master Account SID

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2007-02-14

The Microsoft Exchange Analyzer Tool queries the Win32_NTLogEvent Microsoft Windows Management Instrumentation (WMI) class to determine whether an Event 9548 warning has been logged for MSExchangeIS within the last hour.

If the Exchange Analyzer finds that an Event 9548 warning has been logged in the last hour, the Exchange Analyzer then counts the total number of Event 9548 warnings that have been logged for that hour.

Finally, if the Exchange Analyzer finds that an Event 9548 warning has been logged 20 or more times in the last hour, the Exchange Analyzer displays a warning.

This warning indicates that there may be disabled Active Directory directory service user accounts that are associated with Exchange Server mailboxes and do not have valid msExchMasterAccountSID attributes.

A mailbox that is on a server that is running Microsoft Exchange Server 2003 or Exchange 2000 Server must be linked to an Active Directory directory service user account to be available. This link is accomplished, in part, by setting the msExchMasterAccountSid Active Directory attribute on the mailbox. The Active Directory account to which the Exchange mailbox is linked can be in either an enabled or disabled state. Only disabled accounts should have a user who has the msExchMasterAccountSid attribute.

If the value for the msExchMasterAccountSid attribute on a disabled user account is blank or has become corrupted, and an access control list (ACL) is built that includes that user account, performance issues might occur when that ACL is used to access mailbox or public folder resources.

To address this warning:

• Make sure that Exchange Server 2003 Service Pack 2 (SP2) is installed with the hotfix referenced by Microsoft Knowledge Base article 916783, "A hotfix is available to change the way that Exchange Server 2003 SP2 handles a disabled Active Directory user account that is associated with an Exchange Server 2003 mailbox" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=916783)

• Examine the ACL and user account referenced by the Event 9548 warning to determine whether the msExchMasterAccountSid attribute value is blank or corrupted and, if it is needed, generate a valid msExchMasterAccountSID attribute value for the account following the guidance in Microsoft Knowledge Base article 328880, "How to troubleshoot public folder performance issues that are related to ACL conversions in Exchange 2000 and in Exchange 2003" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=328880)

• Remove the disabled user account from the ACL following the guidance in Microsoft Knowledge Base article 278966, "You cannot move or log on to an Exchange resource mailbox" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=278966)