This event indicates that a search request that was sent to the server running Active Directory did not provide a result within a reasonable time period. The search request was abandoned.
Sample Event:
Event Type: Warning
Event Source: MSExchangeDSAccess
Event ID: 2389
Description: Process WINMGMT.EXE (PID=1456). A search request to Directory Server SERVER.DOMAIN.COM did not return a result within 120 seconds and is being abandoned. The search will be retried if possible. The search that failed has the following characteristics: Base DN=<GUID=1AED54A7-5F51-4FFC-A53A-4774C57AAAA5>, Filter=(objectclass=*), Scope=0.
This event is logged when there are problems with the action sent to the DS not returning in less than 120 seconds. It is usually seen only when the DS is under heavy stress or when a network error is introduced at the packet level. The sending server is continuously trying to resend the information back to Exchange and is failing, which leads to the 120 second failure. Most often, it is the DS being under heavy stress that is causing the problem.
If this event is seen rarely, then it can be ignored. If it appears at specific times or any other pattern is detected, investigate what is happening on the particular domain controller named in the Description section of the event and check to see if it is being heavily loaded. Also investigate if there are networking issues between the Exchange server and the named domain controller.
For more information about MSExchangeDSAccess event 2389, see:
| Target | Microsoft.Exchange.ExchangeComponent.IS | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Event_ID | 2389 | ||
| Event Source | MSExchangeDSAccess | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Application |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
| GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
Home
<Rule ID="A_search_request__that_was_sent_to_the_server_running_Active_Directory_did_not_provide_a_result_within_a_reasonable_time_period_" Enabled="onEssentialMonitoring" Target="Exch2003Core!Microsoft.Exchange.ExchangeComponent.IS" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>.</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Channel</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Application</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>MSExchangeDSAccess</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>2389</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="A_search_request__that_was_sent_to_the_server_running_Active_Directory_did_not_provide_a_result_within_a_reasonable_time_period_.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>