Event ID 9548 is logged for Disabled User Accounts which do not have a Exchange master account SID.
26 October 2008
This article explains how to fix this using the Active Directory Attribute Editor tool located on this site.
So you keep getting event id 9548 logged in your Exchange server application log (http://support.microsoft.com/kb/555410/en-us). This is more than likely because you disabled a users account for what ever reason. You didn't know it but the "msExchMasterAccountSid" attribute is empty and Exchange doesn't like it so it keeps complaining.
There are several methods to solving this but I like mine best (of course). The usual method is to open the user account properties and in the "Security" tab look for the "SELF" account and allow it "Associated External Account and Full Mailbox Access" privileges and then click apply and close the properties dialogue. This works but now the mailbox can receive mail again which you probably don't want.
There are some tools for fixing this that have just emerged and one in particular that will address the problem on a large scale (many accounts that are missing the attribute). That tool is located here http://www.msexchange.org/articles/NoMAS-Tool.html.
But for one or two at a time this method works really well and it doesn't open the account to receive mail.
So first download the program here; run it and follow the instructions below
As far as best practices there are only two types I would try to implement, dos batch files or VBScripts. The later being my preference.
-
Open the Active Directory Editor tool.
- Choose the Attribute “objectSid” from the list (should be near the top)
- Enter the “userid” of the account you are fixing.
- Click “Run”. In the lower display box you should see the “sid” for the account.
- Click on “Open” (this will open the log for editing)
- Find the “sid” from the last query you ran (there may be many so look at the date and time). Highlight and copy the “sid” value.
- Look for and highlight (from the list of attributes) the “msExchMasterAccountSid”.
- Select the “Change” radio button.
- Paste the “sid” value from the log file into the “Value for Attribute” box.
- Click on “Run”.
This will fix the problem listed in KB article 555410 http://support.microsoft.com/kb/555410/en-us without having to give the “SELF” account any privileges. And you will stop getting “event id: 9548” in your exchange server application event logs.
This event is also seen in application logs of Exchange 2000 and 2003 servers and in the following KB Articles 291151, 326990, 278966, 328880, 316047.
TrackBack URI for this entry
Subscribe to this comment's feed
Show/Hide comments
Show/Hide comment form