MSExchangeIS 5000 (0x3f5): Invalid Service Account Configured for the Information Store Service

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2007-02-27

The Microsoft® Exchange Database Troubleshooter Tool detected one or more MSExchangeIS 5000 events with error code 0x3f5 in the Application Log. This error occurs when the Microsoft Exchange Information Store service is configured to start with an account other than Local System.

Explanation

This issue can occur if the Microsoft Exchange Information Store service (Store.exe) is using an account other than the Local System account, or if the domain controller, the domain, or the Local Machine Security Policy does not include the Local Service account in the Generate Security Audits policy. When this problem occurs, the Exchange Information Store service fails to initialize. The error applies to the following versions of Exchange server:

  • Microsoft Exchange Server 2007

  • Microsoft Exchange Server 2003

  • Microsoft Exchange 2000 Server

User Action

To resolve this issue, perform one or more of the following:

  • By default, the Exchange Information Store service starts under the Local System account (MACHINENAME$). Use the Services.msc snap-in to check which account is being used to start the Information Store service. If the account is the Local System account, you must grant the Local System account the Generate Security Audits right. To do this, use one of the following methods:

    • Rerun the Exchange Setup /domainprep command from this computer.

    • Manually grant the Local System account the Generate Security Audits right on one of the following policies:

      1. The domain controller's policy

      2. The domain policy

      3. The Local Machine Security Policy

      To re-grant this right to the Local Machine Security Policy of a member server, follow these steps.

      Note

      This is the recommended solution if this issue is only occurring on one server.

      To re-grant the Generate Security Audits right to the Local Machine Security Policy of a member server

      1. Click Start, click Administrative Tools, and then click Local Security Policy.

      2. Expand Security Settings, click Local Policies, and then click User Rights Assignment.

      3. In the right pane, double-click Generate security audits, click Add, enter MACHINENAME$, and then click OK two times.

      4. Exit the Group Policy snap-in.

  • If you start the Information Store service by using an account that is not the Local System account, you should change it back to the Local System account (MACHINENAME$). Then, try to start the Information Store service. For more information about why Exchange 2000 Server and Exchange Server 2003 use the Local System account to start Exchange services, see Microsoft Knowledge Base article 239762, Exchange Services Run Under LocalSystem.
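
A read-only PowerShell check of both conditions from the steps above, as an added example that is not part of the original topic. It assumes PowerShell 2.0 or later in an elevated session on the Exchange server; the service name MSExchangeIS, the privilege constant SeAuditPrivilege, and the scratch file name are assumptions not stated on this page.

```powershell
# Added example, read-only. Run from an elevated PowerShell 2.0+ session
# on the Exchange server itself.
$serviceName = 'MSExchangeIS'       # assumed service name of the Information Store
$right       = 'SeAuditPrivilege'   # constant behind "Generate security audits"

# 1. Which account starts the Information Store service?
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' was not found on this computer." }
$runsAsLocalSystem = $svc.StartName -eq 'LocalSystem'

# 2. Which accounts hold the right in this computer's security settings?
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'   # scratch file, deleted below
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match "^$right\s*=" }
Remove-Item $cfg -Force

$holders = @()
if ($line) {
    $holders = @(($line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            # secedit writes SIDs with a leading asterisk; resolve them to names.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid.Value }   # unresolvable SID: keep it as is
            New-Object PSObject -Property @{ Sid = $sid.Value; Name = $name }
        } else {
            New-Object PSObject -Property @{ Sid = $null; Name = $entry }
        }
    })
}

# Local System is S-1-5-18; this topic also refers to it as MACHINENAME$.
$granted = @($holders | Where-Object {
    $_.Sid -eq 'S-1-5-18' -or $_.Name -like "*\$($env:COMPUTERNAME)`$"
}).Count -gt 0

"Service logon account : $($svc.StartName)"
"Holders of $right : $(($holders | ForEach-Object { $_.Name }) -join ', ')"
if (-not $runsAsLocalSystem) { 'FINDING: the service does not start as Local System.' }
if (-not $granted)           { 'FINDING: Local System is not listed for Generate security audits.' }
if ($runsAsLocalSystem -and $granted) { 'OK: both conditions from this topic are met.' }
```

The script changes nothing; if it reports a finding, apply the matching step above and run it again to confirm.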

For More Information

For more information, see Microsoft Knowledge Base article 281850, Information store does not start with event ID 9530 and 5000 messages in Exchange 2000 Server and in Exchange Server 2003.