How to troubleshoot the issue when event 9986 is not logged in MOM when you monitor Exchange Server 2003 or Exchange 2000 Server

Summary

When you monitor Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server by using Microsoft Operations Manager (MOM) 2005 or Microsoft Operations Manager (MOM) 2000, the logging of event 9986 is a critical indicator of Exchange Server mailbox availability. This article describes how to troubleshoot the issue when event 9986 is not logged in MOM. Additionally, this article describes what the underlying causes may be. The information is organized under the following topics:
  • Issue: The registry key is not present
  • About the DCOM helper objects
  • Issue: The DCOM application does not run
  • Issue: The ExchKP.PubKeyPublisher object is not created
  • Conclusion

INTRODUCTION

In Microsoft Operations Manager (MOM) 2005, a mailbox access account is used to log on locally to the monitored mailboxes in an Exchange Server organization. When the mailbox access account logs on successfully to the monitored mailboxes on each Exchange server, event 9986 is generated. This article describes how to troubleshoot the issue when event 9986 is not logged on the MOM 2005 server for any one of the monitored Exchange servers.

More Information

MOM 2005, when deployed together with Exchange Management Pack for Exchange Server 2003, uses a verification logon script to verify mailbox availability on servers that are running Exchange Server 2003.

MOM 2005 logs on to monitored mailboxes by using a mailbox access account that has been granted rights to those mailboxes. MOM 2005 does this by decrypting a copy of the mailbox access account’s credentials that have been stored in the Exchange server’s registry. The credentials are encrypted and written to the registry by using either the ExchangeMOMSetCredentialUtility utility or the Exchange Management Pack Configuration Wizard.


Before the encrypted credentials can be stored in the registry on the Exchange server, a registry key must be generated by a DCOM application. The DCOM application is triggered by the "Exchange - Publish ExMP Data" script. When the script runs successfully and the registry key is generated, the following MOM event is logged for the associated Exchange server. This event can be viewed in the Operator Console of MOM 2005:
MOM may not log event 9986 for several reasons. This article describes how to troubleshoot the issue when event 9986 is not logged on the MOM server.

Issue: The registry key is not present

One reason that event 9986 is not logged for an Exchange server is that the registry key is not present on the Exchange server. In this case, the mailbox access account credentials will not be encrypted and stored.

If this is the case, you will receive the following error message when you run the Exchange Management Pack Configuration Wizard:
Error: Cannot configure the mailbox access account on computer <servername>. This configuration can only be made after the Exchange MOM event 9986 is registered by MOM.
You can also manually verify the registry by looking for the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExMPLS

Troubleshooting

If the registry key is not present, you must first determine what failure is preventing the registry key from being generated. The "Exchange - Publish ExMP Data" script may generate other MOM events instead of event 9986 for the Exchange server. These events indicate what the problem is.

For example, the following events may be generated in the MOM event log.
  • The following event indicates that the DCOM application that is used to create the registry key failed during execution.
    • In the Exchange 2000 Management Pack on MOM 2000 with Service Pack 1 (SP1)
    • In the Exchange 2003 Management Pack on MOM 2000 SP1 or MOM 2005
  • The following event indicates that the DCOM application that was used to create the registry key is not installed or is not registered:
    • In the Exchange 2000 Management Pack on MOM 2000 SP1
    • In the Exchange 2003 Management Pack on MOM 2000 SP1 or MOM 2005
Note These events do not appear as alerts in MOM. Therefore, you must specifically look for these events.

After you confirm the type of event that is logged, you can continue troubleshooting. However, if these events are not logged, you must verify that the "Exchange - Publish ExMP Data" script is running without failure on the Exchange server. This script is called from the following two rules:
  • Daily Agent Mailbox data generation
  • Publish data for Agent Mailbox impersonation
By default, the first rule runs every day at 2:00 A.M. (02:00). The second rule is called whenever the “Check mailbox store availability - MAPI logon test” rule runs. If the rule determines that an Exchange server does not have the ExMPLS registry key, the rule generates event 9987. If these rules do not run, or if the script does not run, troubleshoot accordingly.

About the DCOM helper objects

MOM and the Exchange Management Pack require several DCOM applications to run on the Exchange server to implement various monitoring tasks and functions. These applications are delivered to the Exchange server through DCOM helper objects that are installed and registered on the server.

The helper objects are called by Exchange Management Pack scripts as needed. Which DCOM object is responsible for publishing the mailbox access account credential storage registry key depends on the version of MOM and of Exchange that you are running.

The helper objects for Exchange 2000 and MOM 2000 SP1

The Exchange 2000 helper objects for MOM 2000 SP1 are the ExchKP.exe file and the ExchKPps.dll file. MOM installs these files on the Exchange 2000 server when the Exchange Management Pack is deployed and when the associated rules are pushed out to the Exchange agent servers. These files are installed in the C:\Program Files\Microsoft Operations Manager 2000\OnePoint folder.

The helper object for Exchange 2000 and MOM 2005

The Exchange 2000 helper object for MOM 2005 is the Empkp.exe file. This file is also pushed out to the Exchange agent server by MOM when the Exchange Management Pack for MOM 2005 is deployed. The file is installed in the C:\Program Files\Common Files\Exchange 2000 Management Pack Objects folder.

The helper object for Exchange 2003 and MOM 2000 SP1 or MOM 2005

The Exchange 2003 helper object is the Empkp.exe file. This file is copied to an Exchange Server 2003 server during setup. This file can be verified from the following entries in the Exchange Server Setup Progress.Log file:
[18:22:01] Copying c:\program files\exchsrvr\bin\empkp.exe

[18:34:03] Interpreting line <CreateProcess:C:\Program
Files\Exchsrvr\bin;"C:\Program Files\Exchsrvr\bin\empkp.exe" /regserver;60000> --
ID:31259 --
[18:34:03] Process created ... waiting (60000)
[18:34:03] Process has exited with 00000000
Whether the Empkp.exe file is registered does not depend on the deployment of MOM or of the Exchange Management Pack. Any Exchange Server 2003 server should have Empkp.exe registered in the registry during setup.

Troubleshooting

The first and most useful step in troubleshooting is to confirm the presence of the helper objects in the locations that were just described. If the helper objects are not present on the server, they can be copied from another source to the appropriate location on the server, depending on the versions of Exchange Server and of MOM that you are running.

The second step in troubleshooting is to determine whether the DCOM application is registered and is available.
Verify that the ExchKP.exe file or the Empkp.exe file are registered on an Exchange server that is running Microsoft Windows 2000 Server
To locate the ExchKP.exe file or the Empkp.exe file, follow these steps:
  1. On the affected Exchange server, click Start, click Run, type dcomcnfg, and then click OK.
  2. When the Distributed COM Configuration Properties application opens, click the
    Applications tab.
  3. Locate the ExchKP or the EMPKP object in the Applications list.
Verify that the Empkp.exe file is registered on an Exchange Server 2003 server that is running Microsoft Windows Server 2003
To locate the Empkp.exe file, follow these steps:
  1. On the affected Exchange Server 2003 server, click Start, click Run, type dcomcnfg, and then click OK.
  2. When the Component Services application opens, locate Component Services\Computers \My Computer\DCOM Config.
  3. Locate the EMPKP object.
If the ExchKP.exe file or the Empkp.exe file are not registered successfully, and the DCOM application does not exist, the DCOM application can be registered manually.

How to manually register the ExchKP.exe file

  1. Open a command prompt, and then move to the directory in which the ExchKP.exe file and the ExchKP.dll file are located.
  2. Type ExchMP /regserver, and then click OK.
  3. Type ExchMP /regsvr32, and then click OK.
  4. Look for the ExchMPobject by following the previously described procedure.

How to manually register the Empkp.exe file

  1. Open a command prompt, and then move to the directory in which the Empkp.exe file is located.
  2. Type EMPKP /regserver, and then click OK.
  3. Look for the EMPKPobject by following the previously described procedure.

Issue: The DCOM application does not run

If the DCOM application is registered but will not start, an event is generated in the System event log on the Exchange server. This event is generated every time that the "Exchange - Publish ExMP Data" script runs. The event may be similar to the following event:

Troubleshooting

Usually, this issue occurs because the "Exchange - Publish ExMP Data" script cannot locate the DCOM application executable (.exe) file. Look in the registry for the following registry keys and values:
ExchKP.exe on Exchange 2000
HKEY_CLASSES_ROOT\CLSID\{E3D2F927-69FA-4EFD-8D05-8726EF540A06}\LocalServer32
EMPKP.exe on Exchange 2000 or on Exchange 2003
HKEY_CLASSES_ROOT\CLSID\{94A6DCD0-B6F5-40E8-8C9D-CEE2C7796380}\LocalServer32
This registry key should contain a REG_SZ value that contains the path of the Empkp.exe file or the ExchKP.exe file, respectively. For example, the expected default value of the registry entry should be similar to the following value:
C:\PROGRA~1\Exchsrvr\bin\empkp.exe
Verify that this file is located in the path that is specified.

Issue: The ExchKP.PubKeyPublisher object is not created

If the DCOM application is registered, but the ExMPLS registry key is not generated the next time that the "Exchange - Publish ExMP Data" script runs, there may be an underlying DCOM permissions issue. This issue prevents the script from creating the ExchKP.PubKeyPublisher object. This issue generates event 9972 or event 10001 in MOM, depending on the version of Exchange Server that you are running.

Troubleshooting

To test whether the script is creating the ExchKP.PubKeyPublisher object, save the following three lines of code as a .vbs script file, and then run the file from the affected Exchange server.
Exchange 2000 and MOM 2000 SP1
Set oKeySet=CreateObject("ExchKP.PubKeyPublisher")
ErrID=oKeySet.Publish()
Msgbox ErrID
Exchange 2000, or Exchange 2003 and MOM 2005
Set oKeySet=CreateObject("EMPKP.PubKeyPublisher")
ErrID=oKeySet.Publish()
Msgbox ErrID
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

274696 Actions such as search and drag and drop do not work because the default access permissions have been changed in the Dcomcnfg.exe tool

Conclusion

As soon as the DCOM helper object is registered and is running, the "Exchange - Publish ExMP Data" script can successfully run and generate the registry key that is used to store the encrypted credentials of the mailbox access account. If event 9986 has been logged on the MOM server for the associated Exchange server, the ExMPLS registry key should now be present on the Exchange server.

This registry key will hold the REG_BINARY value named DATA0. The DATA0 value holds the binary data that represents the public key BLOB of the mailbox access account credentials. When you see this registry key and this value, the Exchange server is ready to store the encrypted credentials for the mailbox access account.

The next step is to run the Exchange Management Pack Configuration Wizard or the ExchangeMOMSetCredentialUtility utility to encrypt and to write the mailbox access account credentials to the registry. The domain, user name, and password for the mailbox access account are written to the ExMPLS registry key when the credentials are successfully stored. The values to which the registry key is written are DATA1, DATA2, and DATA3, respectively.
Propriedades

ID do Artigo: 911143 - Última Revisão: 25 de out de 2007 - Revisão: 1

Comentários