posts - 104 , comments - 115 , trackbacks - 0

Article: Troubleshooting the information store service

Alot of calls I get are related to the information store service of the exchange server not starting. Since troubleshooting why this services does not start is often related to alot of stress (after all, your users and managers will be pounding your door as they cannot access their email) it is always handy to have some reference as to where you can start and what direction it can take.

This is my basic modus operandi so feel free to give suggestions on how to improve it :).

First of all you need to know the 3 major reasons what can cause the IS service to be down:
+ Database problems
+ Active Directory problems
+ The antivirus software is acting up.

I start out simple, I try to eliminate one of the causes.

1. Open Exchange Management Console (or the Exchange System Manager if you're on 2003)
2. Expand untill you reach the database
3. Open the properties of the database
4. Check "Do not mount this database on startup"
5. Click ok
6. Open services.msc

1. Open Start, run
2. Type in services.msc, click "OK"
3. Scroll down untill you reach the Microsoft Exchange Information Store Service.
4. Right click the IS service and try to start it.
5. Does it start?

If the IS service mounts at this point you're most likely going to have a corrupt database. open a command prompt and run the "ESEUTIL /mh priv1.edb" command. Scroll down untill you see the "State" and "Log required" Field:


If you have the database state on "Dirty Shutdown" you'll need to run the following commands on the database:

1. Eseutil /p
2. Eseutil /d
3. ISInteg -s "servername" -test alltest -fix

Follow the on screen instructions for the ISInteg and repeat ISInteg untill all errors have been corrected. This is extremely important as ISInteg fixes the database tables and will either fix or get rid of corrupt items.

Note: ISINTEG is currently not available for Exchange 2010. You can skip step 3 there as 2010 has a self-healing system built in. SP1 for 2010 is expected to have a new ISInteg version.

Depending on how big your database is it might take a while to complete the database recovery. If you need to get your users back online fast you can use the Dialtone recovery method. This means you'll move all the files in the physical location of the database where you can perform the recovery and mount the database in ESM or EMC. It will tell you that it could not find a database and ask you if it can create a new (blank) database. If you confirm a new database can be mounted and users can access new emails that are recieved if they are in online mode and access their old mails only if they have the cached mode enabled.

More information on Dialtone recovery: Part 1 Part 2 Part 3

Now, in case the above did not get your service to start up you have reached a pickle. We need to find out if it's an AD or AV issue!

1. Open Start, run
2. Type in services.msc, click "OK"
3. Scroll down untill you reach the Microsoft Exchange services.
4. Note what services are down. Is only the IS service not functional or is the transport service down as well?

If you're transport service is down as well the likelyhood of it being an Active Directory issue increases!

Try starting the IS Service, it will error out but what is important is that you will now have some events logged in the application log. In most cases these events will be ID 5000 and 1121.

Going into the event log:

1. Open start, run
2. Type in eventvwr, click "OK"
3. expand untill you hit the "Application log"
4. Identify the recent events from source "MSExchangeIS"
5. Also have a look at the events from source "ADAcces"

If events 5000 and 1121 are logged they should point you in the right direction for what is wrong with the AD. Usually it's Exchange that cannot contact the GC. In that case there's a quick and dirty workaround. Note that you should only do this to restore functionality for your environment and it is a temporary measure. After you repair the AD issues you are highly advised to let Exchange choose it's DC/GC!

+ For Exchange 2003:
1. Open the Exchange System Manager
2. Expand untill you hit your exchange server
3. Open the properties of the exchange server
4. Switch to the "Directory Access" tab
5. Select "Domain Controllers" in the drop down list
6. Select a working DC
7. Deselect "Automatically discover Servers"

Note: If your Exchange server is installed on a Dc it will always contact that DC, no matter what you set in this feel.

For Exchange 2007:

1. Open the exchange management shell (powershell for exchange)
2. Use the Set-Exchangeserver -StaticConfigDomainController -StaticDomainController -StaticGlobalCatalog command

If your Exchange server is installed on a Dc it will always contact that DC, no matter what you set in this field. For Exchange 2010 you can use the same command as for Exchange 2007.

In case there are no events 5000 & 1121 you'll most likely have events 9565 & 9564 logged. These are caused by the antivirus program being broken. You'll want to disable the antivirus key in the registry:

1.Click Start, and then click Run.
2.In the Open box, type regedit, and then click OK.
3.In Registry Editor, locate the following subkey in the registry:
4.In the right pane, double-click Enabled.
5.Click Decimal, type 0 in the Value data box, and then click OK.
6.On the File menu, click Exit to quit Registry Editor.
7.Start the Information Store.

Deinstall your AV in a service window and reboot the server.

Print | posted on Tuesday, July 5, 2011 9:48 AM | Filed Under [ Exchange ]


No comments posted yet.
Post A Comment

Powered by: