Event ID 8197 Exchange 2003 repeated application error

Anyone out there?

hey for some reason I missed it earlier..
Will check this

Help me someone :(

did you see Method 3 here ?
http://support.microsoft.com/kb/828764/en-us

Yes I saw method three and I have no exchange admin profile and the article doesn't say how to create one or how to resolve when the profile is missing.
Chris

anybody out there?

is the system attendant service running on this server?

Yes

using adsiedit what do you see for the siteFolderServer under properties of:
CN=YourExchAdminGroup,CN=Administrative Groups,CN=YourExchOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=yourdomain,DC=com

you may want to consider creating new system folders
http://support.microsoft.com/kb/822444

I did that in my last question posted for duplicate public folders.  Please explain the path in adsiedit. I have an exchange 2003 server  I'm looking under cn=Configuration,dc=mydomain,dc=com for the above path correct?

Anybody got any suggestions?

Ok now I am recieving this error on my Bes 5.0.2 express server that has the exchange system manager installed on it.  
Event Type:      Warning
Event Source:      MSExchangeCDO
Event Category:      None
Event ID:      1639
Date:            8/25/2010
Time:            11:47:42 AM
User:            N/A
Computer:      ISA
Description:
The description for Event ID ( 1639 ) in Source ( MSExchangeCDO ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: EX:/O=HBCONET/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=AHERSHEY.
Data:
0000: 0f 01 04 80               ...¿    

It repeats for the same user every 10 mins and I have had one other user posting the warning once.

also on the exchange server am getting this error along with the event id 8197

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      MAPI Session
Event ID:      9175
Date:            8/25/2010
Time:            5:12:47 AM
User:            N/A
Computer:      EXCHANGE
Description:
The MAPI call 'OpenMsgStore' failed with the following error:
The information store could not be opened.
The logon to the Microsoft Exchange Server computer failed.
MAPI 1.0
ID no: 80040111-0286-00000000

For more information, click http://www.microsoft.com/contentredirect.asp.

Anybody Please????

the 9175 typically occurs when a database is offline

i have a diagnostic idea, i am trying to test it...

Open Exchange System Manager and browse down to your server
right-click and view the properties
go to the directory access tab
change the show to global catalog servers

then from a command prompt run the following replacing the dc=mydomain,dc=com to match your domain and replacing SERVERNAME with the global catalog server(s) shown from the previous step
ldifde -f output.ldf -d"dc= mydomain,dc= com " -t 3268 -p subtree -r"(&(objectclass=*)(name= SERVERNAME ))"

please post the output

I need some help with syntax??

U:\>ldifde -f output.ldf -d"dc= hbconet,dc= com " -t 3268 -p subtree -r"(&(objec
tclass=*)(name= SERVER1 ))"
Invalid Parameter: Bad argument '-ddc= hbconet,dc= com '

LDIF Directory Exchange

General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of computer's domain)
-c FromDN ToDN  Replace occurences of FromDN to ToDN
-v              Turn on Verbose Mode
-j path         Log File Location
-t port         Port Number (default = 389)
-u              Use Unicode format
-w timeout      Terminate execution if the server takes longer than the
                specified number of seconds to respond to an operation
                (default = no timeout specified)
-h              Enable SASL layer encryption
-?              Help

Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for
                in an LDAP search
-o list         List of attributes (comma separated) to omit from
                input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values
-x              Include deleted objects (tombstones)

Import
======
-k              The import will go on ignoring 'Constraint Violation'
                and 'Object Already Exists' errors
-y              The import will use lazy commit for better performance
                (enabled by default)
-e              The import will not use lazy commit
-q threads      The import will use the specified number of threads
                (default is 1)

Credentials Establishment
=========================
Note that if no credentials is specified, LDIFDE will bind as the currently
logged on user, using SSPI.

-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method

Example: Simple import of current domain
    ldifde -i -f INPUT.LDF

Example: Simple export of current domain
    ldifde -f OUTPUT.LDF

Example: Export of specific domain with credentials
    ldifde -m -f OUTPUT.LDF
           -b USERNAME DOMAINNAME *
           -s SERVERNAME
           -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
           -r "(objectClass=user)"
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.

U:\>

no spaces after the "="

ldifde -f output.ldf -d"dc=hbconet,dc=com " -t 3268 -p subtree -r"(&(objectclass=*)(name=SERVER1 ))"

Invalid Parameter: Bad argument '-ddc=hbconet,dc=com'

Can you just run

ldifde -f C:\export.ldf -v
and upload the file

we will look into the object from the file.

You are running this from the DC - correct ?

thanks

no I am running from the exchange server. I will run from the DC.

Here ya go!
export.txt

Now run this

ldifde -f "c:\output2.ldf" -t 3268 -p subtree -d "dc=hbconet,dc=com" -r "(&(objectclass=*)(name=EXCHANGE))"

Here ya go!
output2.txt

Jim.

i'm going to review shortly, still sick and struggling

ok thank you

i may be losing my mind at this point, but it appears that this exchange server is also a domain controller
servicePrincipalName: ldap/exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com:3268
servicePrincipalName: ldap/EXCHANGE
servicePrincipalName: ldap/EXCHANGE:3268

not only a domain controller, but also a global catalog
is this true?

if it is, then you need to move it into the Domain Controllers OU

no this is not a domain controller. The previous exchange server was  a DC.

@sunnyc7 - i only have a mixed 2007/2010 environment and I can't remember if this is expected for NSPI proxy of Outlook clients. i'm going to contact a client to pull this query for me in the mean time.

I have 2003 network, will check.

You've to give me sometime.. @ I am stuck with a client on a remote machine.
will post back.

i think we need to use ADSIEdit and remove the LDAP servicePrincipalNames
the exchange server could be attempting to query itself

we have the values in the ldf output file so it is safe to remove

typcial values:
servicePrincipalName: exchangeMDB/mail.contoso.com
servicePrincipalName: exchangeMDB/MAIL
servicePrincipalName: exchangeRFR/mail.contoso.com
servicePrincipalName: exchangeRFR/MAIL
servicePrincipalName: SMTPSVC/MAIL
servicePrincipalName: SMTPSVC/mail.contoso.com
servicePrincipalName: HOST/MAIL
servicePrincipalName: HOST/mail.contoso.com

ok where exactly should I look for these values?  Cn=Configuration,Dc=hbconet,DC=com..CN=services?

under the domain configuration
CN=EXCHANGE,CN=Computers,DC=hbconet,DC=com

just remove the ldap strings all together or add the correct ldap server?

Jim

2 ideas:
a) I am thinking of deleting SPN's which doesnt have a FQDN

These one's from the output here
http:#33532109

servicePrincipalName: exchangeRFR/EXCHANGE
servicePrincipalName: exchangeMDB/EXCHANGE
servicePrincipalName: ldap/EXCHANGE
servicePrincipalName: ldap/EXCHANGE:3268
servicePrincipalName: SMTPSVC/EXCHANGE
servicePrincipalName: HOST/EXCHANGE

--
b) I tested ADFind on 3 different networks with 3 differnet OS.
http://www.joeware.net/freetools/tools/adfind/index.htm

adfind -sc c:computername > c:\adfind.txt

I am pretty sure the errors are because there is no SPN for - LDAP/............GUID..........msdcs.domain.com > entry on HBCONET's ldifde

>servicePrincipalName: ldap/c92519a6-42ff-4695-8077-257e75958cd8._msdcs.CLIENTX.com / 2003
>servicePrincipalName: ldap/c23825f2-c3ab-431c-8fb5-23f6063f5c0b._msdcs.CLIENTy.com / 2000
>>servicePrincipalName: ldap/c27b05c7-0425-48cb-9279-a824642501cc._msdcs.CLIENTz.com / 2008

What do you think ?

Jim
let me know
@ sorry for posting late. Was testing this on 3/4 networks.

2003 / 2000 / 2008 = Domain they are running right now.

Take back the last one @ MSDCS.
there is a MSDCS entry in the original export.txt

@ back to FQDN entry's

Ok this is confusing

--------
2 different exports - from earlier.
Which one did you run from which server ?
Did you run both from the same server ?

SERVER1 is a GC - please confirm
there is a ldap entry for _msdcs in the first export.

--------
LDIFDE from DC - (EXCHANGE)

sAMAccountName: EXCHANGE$
sAMAccountType: 805306369
serverReferenceBL: CN=EXCHANGE,CN=Servers,CN=CorpOfficeSite,CN=Sites,CN=Configuration,DC=hbconet, DC=com
dNSHostName: exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com:3268
servicePrincipalName: ldap/EXCHANGE
servicePrincipalName: ldap/EXCHANGE:3268
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/exchange.hbconet.com:3268
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/EXCHANGE:3268
servicePrincipalName: exchangeRFR/EXCHANGE
servicePrincipalName: exchangeRFR/exchange.hbconet.com
servicePrincipalName: exchangeMDB/EXCHANGE
servicePrincipalName: exchangeMDB/exchange.hbconet.com
servicePrincipalName: MSSQLSvc/exchange.hbconet.com:1433
servicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/exchange.hbconet.com
servicePrincipalName: DNS/exchange.hbconet.com
servicePrincipalName: HOST/exchange.hbconet.com/HBCONET
servicePrincipalName: HOST/exchange.hbconet.com/hbconet.com
servicePrincipalName: SMTPSVC/EXCHANGE
servicePrincipalName: SMTPSVC/exchange.hbconet.com
servicePrincipalName: HOST/EXCHANGE
servicePrincipalName: HOST/exchange.hbconet.com

===========

sAMAccountName: SERVER1$
sAMAccountType: 805306369
operatingSystem: Windows Server 2003
operatingSystemVersion: 5.2 (3790)
operatingSystemServicePack: Service Pack 2
serverReferenceBL: CN=SERVER1,CN=Servers,CN=CorpOfficeSite,CN=Sites,CN=Configuration,DC=hbconet,DC=com
dNSHostName: server1.hbconet.com
rIDSetReferences:CN=RID Set,CN=SERVER1,OU=Domain Controllers,DC=hbconet,DC=com

servicePrincipalName: MSSQLSvc/server1.hbconet.com:1067
servicePrincipalName: MSSQLSvc/server1.hbconet.com:1894
servicePrincipalName: MSSQLSvc/server1.hbconet.com:1066
servicePrincipalName: SMTPSVC/SERVER1
servicePrincipalName: SMTPSVC/server1.hbconet.com
servicePrincipalName: MSSQLSvc/server1.hbconet.com:1040
servicePrincipalName: ldap/server1.hbconet.com/ForestDnsZones.hbconet.com
servicePrincipalName: ldap/server1.hbconet.com/DomainDnsZones.hbconet.com
servicePrincipalName: exchangeAB/SERVER1
servicePrincipalName: exchangeAB/server1.hbconet.com
servicePrincipalName: MSSQLSvc/server1.hbconet.com:1172
servicePrincipalName: MSSQLSvc/server1.hbconet.com:1135
servicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/server1.hbconet.com
servicePrincipalName: GC/server1.hbconet.com/hbconet.com
servicePrincipalName: HOST/server1.hbconet.com/HBCONET
servicePrincipalName: HOST/SERVER1
servicePrincipalName: HOST/server1.hbconet.com
servicePrincipalName: HOST/server1.hbconet.com/hbconet.com
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/1a6b98cf-b1a4-4c7b-acf9-466ac468a839/hbconet.com
servicePrincipalName: LDAP/1a6b98cf-b1a4-4c7b-acf9-466ac468a839._msdcs.hbconet.com
servicePrincipalName: LDAP/server1.hbconet.com/HBCONET
servicePrincipalName: LDAP/SERVER1
servicePrincipalName: LDAP/server1.hbconet.com
servicePrincipalName: LDAP/server1.hbconet.com/hbconet.com
servicePrincipalName: DNS/server1.hbconet.com

Sry Jim i ran:  ldifde -f "c:\output2.ldf" -t 3268 -p subtree -d "dc=hbconet,dc=com" -r "(&(objectclass=*)(name=EXCHANGE))"
from the exchange server

Here it is from the DC
output2DC.txt

There is no msdcs when you run ldifde from DC and there is one when you run it from Exchange ?

Jim @
how do we figure out this GUID
servicePrincipalName: LDAP/1a6b98cf-b1a4-4c7b-acf9-466ac468a839._msdcs.hbconet.com

HBCONET
Please confirm if Server1 is the global Catalog.

===================

sAMAccountName: EXCHANGE$
sAMAccountType: 805306369
serverReferenceBL: CN=EXCHANGE,CN=Servers,CN=CorpOfficeSite,CN=Sites,CN=Configuration,DC=hbconet,DC=com
dNSHostName: exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com:3268
servicePrincipalName: ldap/EXCHANGE
servicePrincipalName: ldap/EXCHANGE:3268
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/exchange.hbconet.com:3268
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/EXCHANGE:3268
servicePrincipalName: exchangeRFR/EXCHANGE
servicePrincipalName: exchangeRFR/exchange.hbconet.com
servicePrincipalName: exchangeMDB/EXCHANGE
servicePrincipalName: exchangeMDB/exchange.hbconet.com
servicePrincipalName: MSSQLSvc/exchange.hbconet.com:1433
servicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/exchange.hbconet.com
servicePrincipalName: DNS/exchange.hbconet.com
servicePrincipalName: HOST/exchange.hbconet.com/HBCONET
servicePrincipalName: HOST/exchange.hbconet.com/hbconet.com
servicePrincipalName: SMTPSVC/EXCHANGE
servicePrincipalName: SMTPSVC/exchange.hbconet.com
servicePrincipalName: HOST/EXCHANGE
servicePrincipalName: HOST/exchange.hbconet.com

server1 is the DC and currently the ONLY DC

will be back in one hour (Lunch) :)

go into ad sites and services and expand the CorpOfficeSite to view a list of servers

serverReferenceBL: CN=EXCHANGE,CN=Servers,CN=CorpOfficeSite,CN=Sites,CN=Configuration,DC=hbconet,DC=com
states that your server EXCHANGE is a domain controller and currently is a member of the CorpOfficeSite AD Site

if that is not the case, then you need to clean out AD of these entries

@endital
I am going with you @ exchange is probably a DC

I need a break @ LDIFDE's and LDAP's.

brb in about 1-2 hrs

Ok Exchange and HBCExchange exist in AD sites and services. Both were old decommisioned DC. I reused the exchange Acct when I changed hardware and this info must have remained from them being DC's. Can I simply delete them from sites and services as both servers accts are NOT DC's ? Also what would be the next step?

yes, you need to remove these servers from there
http://support.microsoft.com/kb/216498

We can always go into how were the DC's removed, but lets focus on the kb and remove the old dc's.

@sunncy7 - welcome back :)

I don't believe exchange was ever a DC but HBCEXCHANGE was dcpromo ed and removed from the network after the process no metadata was cleaned.

@endital
Thanks dude :)

HBCONET > Let me know when you are done with the process from Endital's kb link above.

thanks

we need to make sure that the only servers listed in AD sites and services are active domain controllers
otherwise exchange may attempt to contact them for directory info

ok and running the kb from Server1 (my only dc) correct

yes, that would be the best place

ok I only had server1 listed in the meta data so nothing to clean there. Removed all DNS A, CNAME, etc for the former HBCEXCHANGE and cleaned out AD sites and services and only list server1. Next? :)

you'll need to restart exchange services to get the updates

ok restarted. Got  event id 8197 and 1005 :(  

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      Monitoring
Event ID:      1005
Date:            8/26/2010
Time:            4:29:00 PM
User:            N/A
Computer:      EXCHANGE
Description:
Unexpected error <<0xc1050000 - Network problems are preventing connection to the Microsoft Exchange Server computer. Contact your system administrator if this condition persists. MAPI was unable to load the information service emsabp.dll. Be sure the service is correctly installed and configured. Microsoft Exchange Address Book ID no: 00040380-0000-00000000>> occurred.

For more information, click http://www.microsoft.com/contentredirect.asp.

I will take a dig tomorrow @

Ok how about you endital 1097 ?  Thanks Sunnc7.

he is sick today :(

FYI this is attributtes for servicePrincipalName  
Chris
HBC2.JPG

Will let you know chris.
I was on 3/4 networks today LDIFDE'ing and adfind'ing and comparing with your result.

Need to zoom out and think if i am missing something.

I guess @endital is doing the same thing.
he's sick though :(

Getwellsoonjim.

Ok thanks cya tommorrow

Cya

I will look some more tonight

remove all of the ldap spn values for EXCHANGE to start
i am going to review the files now

also now that these servers have been removed from ad sites and services run
setup /domainprep again

Good morning!  You want me to get rid of these correct?

servicePrincipalName: ldap/exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com:3268
servicePrincipalName: ldap/EXCHANGE
servicePrincipalName: ldap/EXCHANGE:3268
servicePrincipalName:
 E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/exchange.hbconet.com:3268
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/EXCHANGE:3268

Also does it matter where I use ADSIEdit? Exchange or DC?

i would run it from the DC
i would also run the exchange setup with the /domainprep switch after these changes, refresh the domain permissions and groups

Exchange setup?  Using the cd's for exchange?  

yes, from a command prompt run setup /domainprep

ok I ran the command . So far no 8197 error

great, so far
just to keep you up to speed since this has been a long thread
the changes we made were simply correcting some directory issues from orphaned AD objects that happen to be your current production exchange server

a good test now would be to restart the system attendant again

ok just got another 8197 error

what about the 1005? i think they are all tied together under the same issue, but one may be resolved before the other. namely i think the 8197 needs one or two more steps.

can you check that registry key again now to see if the EXadmin<Guid> key is present? the start of the thread :)

Yes I got a 1005 as well and no Exadmin Guid under profiles :(.

Well one promising site is I noticed that users are logged into the public folders. Previously only the NT/authority was the only one logged to the new public folders

that is progress, so the users can no access public folders via outlook
my next questiong was going to be, are all the exchange services running, but that answers it

i'd like to verify the results of what we've done to by running this again

ldifde -f output.ldf -d"dc= yourdomain,dc= com " -t 3268 -p subtree -r"(&(objectclass=*)(name= SERVER1 ))"

thanks, we're getting there

@endital
This deserves an article of it's own.

@sunnyc7 - we've met the character limit, soon we'll have the number of posts equal to that :)  i love a good challenge

:))

@ldifde

You can download and use ADFIND too
http://www.joeware.net/freetools/tools/adfind/index.htm

extract to desktop / c:\adfind\
start > run > cmd
cd to where you extracted

adfind -sc c:SERVERNAME

<-- heavily promoting joeware after I found those tools.

Here ya go
output3.txt

You ran this from server1 - the DC ?

I see a
servicePrincipalName: LDAP/1a6b98cf-b1a4-4c7b-acf9-466ac468a839._msdcs.hbconet.com

Which was not there earlier.

I ran this from the exchange.  
  ldifde -f "c:\output4.ldf" -t 3268 -p subtree -d "dc=hbconet,dc=com" -r "(&(objectclass=*)(name=exchange))"
output4.txt

Why did the these return?

servicePrincipalName: ldap/exchange.hbconet.com
servicePrincipalName: ldap/exchange.hbconet.com:3268
servicePrincipalName: ldap/EXCHANGE
servicePrincipalName: ldap/EXCHANGE:3268

are you sure this server had dcpromo run against it to demote it? it sounds like a service is re-registering these spn values.

Could it be the adam instance that is loaded on this exchange server?  I loaded the instance for Webroot(Our mailsweeper servers off sight) to be able to use ldap for sucessful authentification of Domain email accounts.

It blocks email comming from non-user accounts

Getting these outlook sync errors
Geeting these sync errors in outlook

17:55:02 Synchronizing server changes in folder 'Deleted Items'
17:55:02 Downloading from server 'exchange.hbconet.com'
17:55:32          120 item(s) added to offline folder
17:55:32          85 item(s) deleted in offline folder
17:55:32 Synchronizing server changes in folder 'Junk E-mail'
17:55:32 Downloading from server 'exchange.hbconet.com'
17:55:32 Downloading from server 'exchange.hbconet.com'
17:55:32          1 view(s)/form(s) updated in offline folder
17:55:32          1 view(s)/form(s) deleted in offline folder
17:55:32 Error synchronizing folder
17:55:32              [8004010F-501-8004010F-0]
17:55:32              The client operation failed.
17:55:32              Microsoft Exchange Information Store
17:55:32              For more information on this failure, click the URL below:
17:55:32              http://www.microsoft.com/support/prodredirect/outlook2000_us.asp?err=8004010f-501-8004010f-0
17:55:32 Done
17:55:32 Microsoft Exchange offline address book
17:55:32       0X8004010F

Oab is distributed threough public folders

Will post when I get home in a few hrs

I'll remove it. I ran the analyzer and fixed this citical issue.
HBC2.JPG

Got Rid of Adam and got this error.

Event Type:      Error
Event Source:      MSExchangeFBPublish
Event Category:      General
Event ID:      8207
Date:            8/29/2010
Time:            7:53:47 PM
User:            N/A
Computer:      EXCHANGE
Description:
Error updating public folder with free-busy information on virtual machine EXCHANGE. The error number is 0x8004010f.

For more information, click http://www.microsoft.com/contentredirect.asp.

that error is object not found

use system manager to browse the system folders to ensure it is present
you can also select to update the offline address book

Yep I did that and browsered to the correct folder even though it was listed the same except this time I was able to rebuild the default offine address book. I dismounted the information store and then remounted it. I got my last 8197 error approximately one hour ago before removing ADAM. Only got the one  error 8207.  I then proceeded to restart all exchange services including system attendant and noticed  I had no 1005 error and no 8197!!!! So far looking good!!!!!!

that's good news...
are you still getting the 0x8004010f error

so to summarize, this server was still listed in AD Site and Services as a DC and had ADAM installed
two good reasons to have directory lookup issues

The best practices analyzer located a critical issue combined with removing ADAM and rebuilding the offline address book has fixed all issues including the outlook sync problem.  Thanks for working this out Sunnyc7 and endital1097 especially on a Sunday evening!

Yes you are correct and thank you so much! This thing was driving me crazy!