Article ID: 278523 - View products that this article applies to.
This article was previously published under Q278523
This article has been archived. It is offered "as is" and will no longer be updated.
When you set up Microsoft Exchange 2000 Server or Exchange 2000 Enterprise Server (hereafter referred to collectively as Exchange 2000), a special account is created that was previously used to facilitate the processing of event synchronization scripts. The account name is EUSER_EXSTOREEVENT, and the password is set to a simple hard-coded password. If you attempt to deploy Exchange 2000 in environments with complex password requirements, you may experience failures during Setup, and you may receive the following error message:
[14:22:18] bad member index -1 CAtomBaseMDB::ScCreateStoreEventAccount (K:\admin\src\udog\exsetdata\components\server\a_basemdb.cxx:290) Error code 0XC00703E5 (997): Overlapped I/O operation is in progress.
The Setup failure is caused because the hard-coded password does not meet the password complexity requirements in some environments. You will experience this failure when you attempt to install an affected version of Exchange 2000 (see the "Status" section for version details) on a domain controller or member server with a strong password policy enabled.
Before You Run SetupTo minimize the security risk that this account represents, manually create an account that uses the same name, EUSER_EXSTOREEVENT, before you run Setup, and give the account a password that meets the password complexity requirements of your company. During installation, Setup will detect that this account already exists and will not attempt to create it or change the password.
When You Install Exchange 2000 on a Member ServerCreate the account as a disabled local user account. The following steps outline how to create an account in the local account database:
When You Install Exchange 2000 on a Domain ControllerCreate the EUSER_EXSTOREEVENT account in Active Directory, and then disable the account. The following steps outline how to create an account in Active Directory:
Manual ProcedureAfter you complete Exchange 2000 Setup, Microsoft recommends that you delete this account to minimize the potential security risk that the well-known account represents. If you are using this account for other reasons, at a minimum, reset the account password to ensure the security of this account.
Tool to Automate ProcedureAs an alternative to the manual process described above, you can obtain the following tool from the following link to automatically correct this security vulnerability: The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
Download Q278523engi.exe now
Collapse this imageExpand this image
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/EN-US/ )How to Obtain Microsoft Support Files from Online Services
Microsoft has confirmed that this is a problem in Exchange 2000. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.
The following Exchange 2000 installation media are affected by this vulnerability:
Example of Filever.exe usage:
CD drive\Support\Utils\I386>filever \setup\i386\exsetdata.dllIf the resulting output contains the following version number (in bold below), you are affected by this vulnerability:
-r--- W321 DLL ENU 6.0.4417.5 shp 2,507,024 08-16-2000 exsetdata.dllIn addition, Exchange 2000 Service Pack 1 includes an additional check for this account and if detected, it will delete the account.
This account represents a security vulnerability if you deploy Exchange 2000 because the account name is well known. In the released version of Exchange 2000, this account is no longer necessary to process event scripts, and should be deleted after Setup is completed.
You can find the Frequently Asked Questions (FAQ) regarding this vulnerability and the patch at the following Microsoft Web site: