Help and Support

Event ID 9317 is logged when the Microsoft Exchange System Attendant service comes online on an Exchange 2007 cluster node

View products that this article applies to.
Article ID:935676
Last Review:April 17, 2007
Revision:1.0

SYMPTOMS

You have a Microsoft Exchange Server 2007-based cluster environment. When the Microsoft Exchange System Attendant service comes online on a cluster node, the following events are logged in the Application log:

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date: <date>
Time: <time>
User: N/A
Computer: <computername>
Description:
Failed to register Service Principal Name for exchangeRFR; error code was c0072098.

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date: <date>
Time: <time>
User: N/A
Computer: <computername>
Description:
Failed to register Service Principal Name for exchangeMDB; error code was c0072098.

Back to the top

WORKAROUND

To work around this problem, use the Add-ADPermission command to add permissions to an Active Directory object on a server on which the Exchange Management Shell is installed. To do this, follow these steps.

Note You must use an account that has permissions to modify computer account objects in Active Directory.
1.Run the following command in the Exchange Management Shell.
add-ADPermission -Identity "cn=exchange-cms,cn=computers,dc=mydomain,dc=com" -User "node-cl1$" -AccessRights WriteProperty -Properties "Validated-SPN"
Note The -Identity parameter specifies the identity of the object to which the permissions are being granted. The -Identity parameter requires the full name of the user in quotation marks. The "cn=exchange-cms,cn=computers,dc=mydomain,dc=com" placeholder is the clustered Exchange mailbox server distinguished name. The -User parameter specifies the object to which the permissions are being granted. The "node-cl1$" placeholder is the name of the cluster node followed by the dollar sign to specify that it is a computer object.
2.Replace the value of the -User parameter with the next cluster node, and then run the add-ADPermission command again.

Note You must run the add-ADPermission command one time for each node in the Exchange 2007 cluster.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

MORE INFORMATION

A service principal name (SPN) is a unique name that identifies an instance of a service. An SPN is associated with the logon account under which the service instance runs. Kerberos authentication will fail for Exchange Server services if the SPNs cannot be configured correctly.

Back to the top

APPLIES TO
Microsoft Exchange Server 2007 Enterprise Edition

Back to the top

Keywords: 
kbprb kbexpertiseinter kbexchcluster kbtshoot KB935676

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Contact Microsoft
    Phone Numbers, Support Options and Pricing, Online Help, and more.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.