This was originally published January 31st, 2012 on my old blog: http://geekswithblogs.net/marcde/archive/2012/01/31/the-information-store-service-is-stopped-and-will-not-start.aspx
Troubleshooting the information store service can be straightforward yet immensely complicated if you don’t know what is going on. For this reason I think it is important to know that there are 3 likely culprits that will cause your information store service to go down and refuse to come up:
- Database problems
- Active directory problems
- Antivirus software
Trying to work out which is the culprit can be hard, elimination is probably the easiest way to work through this… So let’s get started!
- Open Exchange Management Console (or the Exchange System Manager if you’re on 2003)
- Expand until you reach the database
- Open the properties of the database
- Check “Do not mount this database on start up”
- Click ok
- Open services.msc
- Open Start, run
- Type in services.msc, click “OK”
- Scroll down until you reach the Microsoft Exchange Information Store Service.
- Right click the IS service and try to start it.
- Does it start?
If the IS service mounts at this point you’re most likely going to have a corrupt database. Open a command prompt and run the “ESEUTIL /mh <path to priv1.edb>” command. Scroll down until you see the “State” and “Log required” Field:
Now, if you have the database state on “Dirty Shutdown” you’ll need to run the following commands on the database:
- Eseutil /p <path to priv1.edb>
- Eseutil /d <path to priv1.edb>
- ISInteg -s “server name” -test alltest -fix
It’s time to follow the on screen instructions for the ISInteg and repeat ISInteg until all errors have been corrected. This is extremely important as ISInteg fixes the database tables and will either fix or get rid of corrupt items.
Depending on how big your database is it might take a while to complete the database recovery.
If you need to get your users back online fast you can use the Dial-tone recovery method. This means you’ll move all the files in the physical location of the database where you can perform the recovery and mount the database in ESM or EMC.
It will tell you that it could not find a database and ask you if it can create a new (blank) database. If you confirm a new database can be mounted and users can access new emails that are received if they are in online mode and access their old mails only if they have the cached mode enabled.
The princess is in another castle…
Now, in case the above did not get your service to start up you have reached a pickle. We need to find out if it’s an AD or AV issue!
- Open Start, run
- Type in services.msc, click “OK”
- Scroll down until you reach the Microsoft Exchange services.
- Note what services are down. Is only the IS service not functional or is the transport service down as well?
Note: If you’re transport service is down as well the likely hood of it being an Active Directory issue increases!
- Open start, run
- Type in eventvwr, click “OK”
- Expand until you hit the “Application log”
- Identify the recent events from source “MSExchangeIS”
- Also have a look at the events from source “ADAcces”
If events 5000 and 1121 are logged they should point you in the right direction for what is wrong with the AD. Usually it’s Exchange that cannot contact the GC (so check if the domain controllers are reachable!. In that case there’s a quick and dirty workaround.
Note: You should only do this to restore functionality for your environment and it is a temporary measure. After you repair the AD issues you are highly advised to let Exchange choose its DC/GC!
Hard-coding a domain controller
- Open the Exchange System Manager
- Expand until you hit your Exchange server
- Open the properties of the Exchange server
- Switch to the “Directory Access” tab
- Select “Domain Controllers” in the drop down list
- Select a working DC
- Deselect “Automatically discover Servers”
Note: If your Exchange server is installed on a Dc it will always contact that DC, no matter what you set in this field.
- Open the Exchange management shell (powershell for Exchange)
- Use the “Set-Exchangeserver -StaticConfigDomainController -StaticDomainController –StaticGlobalCatalog” command.
Note: If your Exchange server is installed on a Dc it will always contact that DC, no matter what you set in this field. For Exchange 2010 you can use the same command as for Exchange 2007.
In case there are no events 5000 & 1121 you’ll most likely have events 9565 & 9564 logged. These are caused by the antivirus program being broken. You’ll want to disable the antivirus key in the registry:
- Click Start, and then click Run.
- In the Open box, type regedit, and then click OK.
- In Registry Editor, locate the following subkey in the registry:
- In the right pane, double-click Enabled.
- Click Decimal, type 0 in the Value data box, and then click OK.
- On the File menu, click Exit to quit Registry Editor.
- Start the Information Store.
- Remove your AV in a service window and reboot the server.
Please, do implement the anti-virus exlusion for Exchange, they’ll prevent the AV from locking, crashing, or corrupting databases: https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019