Event ID 9323

KB ID 0000481 


Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

event id 9323

Source: MSExchangeSA
Event ID: 9323
Task Category: (13)
Level: Warning
Keywords: Classic
Entry '{Username}' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for 'Global Address List'. 


1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.

If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.

published certificates tab

2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.

certificate expired

3. I didn’t need to renew this certificate, so I simply removed it.

remove cert from published

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

rebuild oab

2. Select “Yes” when prompted.

force offline address book

3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.


Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On