The MAD Monitoring thread was unable to read the queue information - The_MAD_Monitoring_thread_was_unable_to_read_the_queue

The_MAD_Monitoring_thread_was_unable_to_read_the_queue_information (Rule)

This is a rules that checks if a thread was unable to read the queue information.

Knowledge Base article:

Summary

This issue occurs when the MAD Monitoring thread was unable to read the queue information, error '0x80041001'.

Causes

This issue occurs because the monitoring thread that is run by the System Attendant service (Mad.exe) cannot query Microsoft Windows Management Instrumentation (WMI) for the state of any of the following items:

Cluster resources.
CPU usage information.
Instances of the ExchangeLink class or other classes provided by the Exchange WMI provider (Exwmi.dll).

The errors may be caused by one of the following issues:

Corruption in the WMI infrastructure.
Transient problems with the WMI infrastructure.
Network connectivity issues.

To identify the exact cause of the event, see the error code in the "Description" section of the event. For example, event ID 9102 with the error 0x80010108 translates to RPC_E_DISCONNECTED. This error means that the remote procedure call (RPC) connection was lost, possibly because of network connectivity issues. For more information, see the "Error Codes" section in this article.

Error Codes:

0x80041010 = WBEM_E_INVALID_CLASS
0x80010108 = RPC_E_DISCONNECTED
0x800706a6 = RPC_S_INVALID_BINDING
0x80041001 = WBEM_E_FAILED

Resolutions

If these events occur occasionally, they can be safely ignored. However, if they occur frequently (for example, every five minutes), you should investigate the cause of the event. To do so, follow these steps:

Make sure that WMI is installed correctly. For additional information about WMI, see Windows 2000 Online Help.
Use the Windows Management Instrumentation Tester (Wbemtest.exe) to make sure that WMI is responding, the Exchange 2000 namespace still exists, the appropriate class exists, and the Exchange WMI provider can enumerate instances of that class. Wbemtest.exe is installed in the %windir%\system32\Wbem folder in your Windows system folder. For more information about how to use Wbemtest, see Windows 2000 Online Help.
Check network connectivity.

Element properties:

Target

Microsoft.Exchange.ExchangeComponent.SystemAttendant

Category

EventCollection

Enabled

True

Event_ID

9100

Event Source

MSExchangeSA

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

The MAD Monitoring thread was unable to read the queue information.

{0}

Event Log

Application

Member Modules:

ID	Module Type	TypeId	RunAs
EventDS	DataSource	Microsoft.Windows.EventProvider	Default
GenerateAlert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="The_MAD_Monitoring_thread_was_unable_to_read_the_queue_information" Enabled="onEssentialMonitoring" Target="Exch2003Core!Microsoft.Exchange.ExchangeComponent.SystemAttendant" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100"> <Category>EventCollection</Category> <DataSources> <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider"> <ComputerName>.</ComputerName> <LogName>Application</LogName> <Expression> <And> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery>Channel</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value>Application</Value> </ValueExpression> </SimpleExpression> </Expression> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery>PublisherName</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value>MSExchangeSA</Value> </ValueExpression> </SimpleExpression> </Expression> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery>EventDisplayNumber</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value>9100</Value> </ValueExpression> </SimpleExpression> </Expression> </And> </Expression> </DataSource> </DataSources> <WriteActions> <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert"> <Priority>1</Priority> <Severity>1</Severity> <AlertOwner>$Data/PublisherName$</AlertOwner> <AlertMessageId>$MPElement[Name="Microsoft.Exchange.Server.2003.MADMonitoringThreadUnableToReadQueue.AlertMessage"]$</AlertMessageId> <AlertParameters> <AlertParameter1>$Data/EventDescription$</AlertParameter1> </AlertParameters> <Suppression> <SuppressionValue>6</SuppressionValue> </Suppression> </WriteAction> </WriteActions> </Rule>