| Event Id | 9021 |
| Source | CDOEXM |
| Description | Microsoft Exchange System Attendant has generated new security keys for Exchange server server name. Any passwords required by this server must be re-entered using the Exchange System Management snapin. |
| Event Information | According to Microsoft: Explanation : This Warning event is logged when the Microsoft Exchange System Attendant generates new security keys on an Exchange server. New security keys are generated in C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys directory, where C:\ is the location where you installed Windows. Warning event 9021 is typically logged with Error events 9022 and 9149. Events 9022 and 9149 indicate that the Exchange System Attendant cannot read the encryption private keys in the Rsa\Machinekeys folder on the node. This can occur for one or more of the following reasons: a. The public key in the directory is corrupted. b. The RSA\Machinekeys container that contains the private key is corrupted. c. The Exchange System Attendant process (Mad.exe) does not have permission to access the Crypto container. User Action : If Error events 9022 and 9149 are also logged on the server that logged the 9021 event, do one or more of the following: a. Re-create the registry keys. b. Reset the permissions on the key containers. c. Give the server appropriate permissions at the Exchange Organization level in Active Directory. |
| Reference Links | Event id 9021 from source 9021 Cluster Machine Keys Prevent the System Attendant from Starting After Drive C on a Node Fails System Attendant Stops Working with a 9022 Event System Attendant does not start after disaster recovery installation and event ID 9022, 9149, 1005 messages occur |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.