The Exchange Information Store cannot contact Active Directory

 

Applies to: Operations Manager Management Pack for Exchange 2010

Topic Last Modified: 2011-08-02

The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.

To learn more about this alert, in Operations Manager, do one or more of the following:

  • From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the logged events that meet the criteria of this Operations Manager alert.

Details

Product Name: Exchange

Product Version: 14.0 (Exchange 2010)

Event ID: ^(1121|1001)$

Event Source: MSExchangeIS*

Rule Path: Microsoft Exchange Server/Exchange 2010/Common Components/Active Directory Access

Rule Name: The Exchange Information Store cannot contact Active Directory.

Explanation

This Error event indicates that an Active Directory server could not be contacted during initialization of the Microsoft Exchange Information Store service. This event may occur when one or more of the following conditions are true:

  • The Authenticated Users group does not have Read permission on the Configuration container in Active Directory.

  • The domain controller to which this Exchange server is trying to connect is not reachable because of network issues.

User Action

To resolve this error, do one or more of the following:

  • Make sure that the Authenticated Users group has Read permissions. To do this, follow these steps:

    Important: If you modify the attributes of Active Directory objects incorrectly when you use Active Directory Service Interfaces (ADSI) Edit, the LDP tool, or another LDAP version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server 2003, Microsoft Exchange Server 2007, or both. Modify Active Directory object attributes at your own risk.

    1. Open ADSI Edit.

    2. Locate and right-click the CN=Configuration,DC=<domain>,DC=<com> container, and then click Properties.

    3. Click the Security tab, and then click the Authenticated Users group.

    4. Make sure that the Authenticated Users group has Read permissions enabled.

  • To make sure that the domain controller to which this Exchange server is trying to connect is reachable, use one of the following methods:

    • Use the Ping or PathPing command-line tools to test basic connectivity. Use Ping to isolate network hardware problems and incompatible configurations. Use PathPing to detect packet loss over multiple-hop trips. For more information about Ping and PathPing, see Microsoft Knowledge Base article 325487, How to troubleshoot network connectivity problems.

    • Run the Dcdiag command-line tool to test domain controller health. To do this, run dcdiag /s:<Domain Controller Name> at a command prompt on the Exchange server. Use the output of Dcdiag to find the cause of any failures or warnings that it reports. For more information, see Dcdiag Overview at the Microsoft Windows Server TechCenter.

  • Review other Error events and Warning events in the Application log. These events may help you find the cause of this error.
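The permission check and the event review above can also be done from a PowerShell prompt on the Exchange server without opening ADSI Edit. The following script is an added example, not part of the management pack or of Microsoft's procedure; it only reads the ACL and the Application log. The five-minute window around the alert event is an assumption chosen for illustration.

```powershell
# Added example: read-only checks; nothing here modifies Active Directory.
# If the RootDSE bind below fails, no domain controller answered, which points
# to the network cause rather than the permission cause.
$genericRead = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# 1. ACEs for Authenticated Users (well-known SID S-1-5-11) on the Configuration container.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configDn = [string]$rootDse.configurationNamingContext
$config   = [ADSI]"LDAP://$configDn"
$rules = $config.psbase.ObjectSecurity.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-5-11' -and
                   $_.ObjectType -eq [guid]::Empty -and          # skip property-specific ACEs
                   -not ([int]$_.PropagationFlags -band $inheritOnly) }

# Combine the rights. Simplification: any Deny is treated as overriding any Allow,
# regardless of whether the ACEs are explicit or inherited.
$allow = 0; $deny = 0
foreach ($r in $rules) {
    if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.ActiveDirectoryRights }
    else                                  { $deny  = $deny  -bor [int]$r.ActiveDirectoryRights }
}
$effective = $allow -band (-bnot $deny)
if (($effective -band $genericRead) -eq $genericRead) {
    "OK: Authenticated Users has Read on $configDn"
} else {
    "MISSING: Authenticated Users lacks Read on $configDn (allow=0x{0:X}, deny=0x{1:X})" -f $allow, $deny
}

# 2. Most recent event matching this alert (Event ID 1121 or 1001, source MSExchangeIS*).
$alert = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1121, 1001 } `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like 'MSExchangeIS*' } |
    Select-Object -First 1

# 3. Other Error (level 2) and Warning (level 3) events logged around the same time.
if ($alert) {
    $window = @{ LogName   = 'Application'; Level = 2, 3
                 StartTime = $alert.TimeCreated.AddMinutes(-5)   # assumed window
                 EndTime   = $alert.TimeCreated.AddMinutes(5) }
    Get-WinEvent -FilterHashtable $window -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Format-Table TimeCreated, Id, LevelDisplayName, ProviderName -AutoSize
} else {
    'No matching MSExchangeIS events found in the Application log.'
}
```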

For More Information

If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.