Solved

Backing up PST using Exmerge in 2003

Posted on 2004-08-13
20
325 Views
Last Modified: 2008-02-01
I've read the previous posts on my issue but I still cannot find the solution.  I am receiving the same error most do when attempting to back up a pst file.  Usually a permissions error, but I have granted send as/receive as permissions to the administrator, yet still get the error.  

[12:05:28] Logging Level: None
[12:05:28] Reading settings from file 'C:\Documents and Settings\administrator\Desktop\Exmerge\EXMERGE.INI'.
[12:05:29] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDSE')  (CADRoutines::GetNamingContextData)
[12:05:29] Accessing Domain Controller 'HOBBES'
[12:05:29] 'mailserver' is running Exchange Server 2000 or later
[12:05:29] Source server read from settings file is 'mailserver'.
[12:05:29] Reading list of subjects for messages to be selected from file ''
[12:05:29] Reading list of attachment names for messages to be selected from file ''
[12:05:29] List of folders to be ignored has been read. 0 folders in the list.
[12:05:29] Current machine locale ID is 0x409
[12:05:29] Operating System Version 5.2 (Build 3790)
[12:05:38] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDSE')  (CADRoutines::GetNamingContextData)
[12:05:38] Accessing Domain Controller 'HOBBES'
[12:05:38] 'mailserver' is running Exchange Server 2000 or later
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Configuration/cn=Connections/cn=SMTP (mailserver)/cn={5A9D788C-7032-40AF-A4DC-A7EB860CEB1B}' will be ignored as its DN contains strings in the ignore list
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Recipients/cn=SystemMailbox{5A9D788C-7032-40AF-A4DC-A7EB860CEB1B}' will be ignored as its DN contains strings in the ignore list
[12:05:45] Found 37 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Ignored 2 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Found 37 mailbox(es) homed on the specified databases.
[12:05:45] Ignored 2 mailbox(es) homed on the specified databases.
[12:06:00] Using attribute 'PR_MESSAGE_DELIVERY_TIME' for date operations.
[12:06:00] Merging data into target store. The program will copy only those messages that do not exist in the target store.
[12:06:00] Associated folder data will NOT be copied to the target store.
[12:06:00] Using 'English (US)' (0x409) as the default locale (Code page 1252)
[12:06:00] All mailboxes will be processed, regardless of locale
[12:06:00] Using default locale for all mailboxes
[12:06:00] Initializing worker thread (Thread0)
[12:06:00] Copying data from mailbox 'Patrick Filippone' ('PFILIPPONE') on Server 'mailserver' to file 'C:\DOCUMENTS AND SETTINGS\administrator\DESKTOP\PFILIPPONE.PST'.
[12:06:00] Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
[12:06:00] Errors encountered. Copy process aborted for mailbox 'Patrick Filippone' ('PFILIPPONE').
[12:06:00] Number of items copied from the source store for all mailboxes processed: 0
[12:06:00] Total number of folders processed in the source store: 0
[12:06:00] 0 mailboxes successfully processed. 1 mailboxes were not successfully processed. 0 non-fatal errors encountered.
[12:06:00] Process completion time: 00:00:00

I have verified the permissions.  Any additional help would be greatly appreciated.  Thanks,


0
Comment
Question by:IDPInc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
  • 3
20 Comments
 
LVL 12

Expert Comment

by:BNettles73
ID: 11794604
Did you allow enough time for replication to occur ... did you try logging off and then logging back on ... I've seen this when the permissions had not fully replicated ...
0
 

Author Comment

by:IDPInc
ID: 11794663
Yes this was actually done quite a while ago, server has been rebooted, plenty of replication time.  
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11794713
Can you create a profile in outlook from the machine you are on and connect to the mailbox (I'm assuming your account is the admin account)?  You might also double check the perms to make sure something else isn't restricting your access (in mailbox rights).

I handle perms in my environment a little differently ... I delegated a group with full admin rights so I don't usually have to modify permissions of user objects ...
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 12

Expert Comment

by:BNettles73
ID: 11794781
Check this out ...

Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)

RESOLUTION
To troubleshoot this issue, follow these steps:
Verify that the user account under which you run the Exchange Mailbox Merge program has the Receive As and Send As security permissions set to Allow for the Mailbox Store. To do this, follow these steps:
Start Exchange System Manager. To do this, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
Expand Servers, expand the server that you want, expand the storage group that you want (for example, expand First Storage Group), and then expand Mailbox Store.
Right-click Mailbox Store, and then click Properties.
Click the Security tab, and then click the user account whose permissions you want to verify.
In the Permissions list, click to select the Receive As check box in the Allow column, click to select the Send As check box in the Allow column, and then click OK.

*****If the user account is a member of a group (domain administrators or enterprise administrators), this group must also have send as and receive as rights to the mailbox store.
Verify that the user account under which you run the Exchange Mailbox Merge program has delegation authority at the Organization level in Exchange System Manager. To do this, follow these steps:

In Exchange System Manager, right-click the organization (for example, right-click First Organization (Exchange)), and then click Delegate control. The Exchange Administration Delegation Wizard starts.
Click Next.
If the user account under which you run the Exchange Mailbox Merge program is not listed in the Users and groups box, and if it does not have the role of Exchange Full Administrator, click Next, add this user account with the role of Exchange Full Administrator, and then click OK.
Click Next, and then click Finish.
Quit Exchange System Manager.
Restart the Microsoft Internet Information Service (IIS) Admin Service. To do this, follow these steps.

NOTE: This restarts the Exchange Information Store service.
Click Start, click Run, type services.msc in the Open box, and then click OK.
In the Name list, right-click IIS Admin Service, and then click Restart.
Click Yes to confirm the restarting of the services.
Quit the Services snap-in.
MORE INFORMATION
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11794790
read through that ... did you follow all of the steps or just add the admin account with Send/Receive As perms ...?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11795129
Hi
Just a note - Administrators have inherited deny permissions on send as and recieve as on the mailbox store - these override any that you might add and will not allow you to run exmerge from a standard Admin logon, so create a new account as BNettles has said (or use the exchange admin account if there is one), give it membership of domain admins, and set the permissions on the store to have send as and receive as and it will go through -

If BNettles has already said this then sorry and disregard this post - couldn't see it up there,
How to configure an account to use ExMerge on Exchange Server
http://support.microsoft.com/default.aspx?kbid=292509

Deb :))
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 500 total points
ID: 11795205
Yeah, I put the asterisks specifically by that =) If the user account is a member of a group (domain administrators or enterprise administrators), this group must also have send as and receive as rights to the mailbox store. You said it a little more clear than I ... looks like an assist!! :)

=), Brian
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11795270
Hi
I added the comment  as I was helping someone with this earlier and even though they'd added the send /receive as permissions they hadn't realised that deny permissions that were set totally overrode it as they were using a built-in admin account - took three attempts at persuading them to create another account (then it worked) - If it is an assist it is only a terribly terribly tiny one, sorry if I've duplicated your answer,

Deb :))
0
 

Author Comment

by:IDPInc
ID: 11795591
It looks like I have it right.  The only Deny permissions on send as or receive as are for the following:

Exchange domain servers are denied receive as

I can't find any other permissions that would be conflicting.  Control had already been delegated as full exchange administrators to all involved.
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11795771
If you are a member of Domain Admins - by default Domain Admins has "Deny - Send As & Receive As" at the root of the Org ... not sure if that is the reason ... but you could test this by creating an Exmerge account, Add it to the Exchange Admins Group, and then assign that account send as/receive as to the object you wish to exmerge ...
0
 

Author Comment

by:IDPInc
ID: 11796799
I created a brand new user called exmerge.  Gave it enterprise admin and schema admin rights only.  Added it to security of the mail server in the system manager, made sure it had send as and receive as permissions, and verified enterprise admins had no deny on it.  There are no inherited permissions to worry bout.  But still same error.  
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11796853
Once again ... by default .. Enterprise Admins has Deny-Send As & Receive As set at the Org level ... did you uncheck the boxes on Send As & Receive As?

You'd probably do better to just take the ExMerge Account - Delegate it as Full Control Administrator, Assign it Send As and Receive As perms ... no other groups ... this should clear it up ... or Check the perms at the root level for Enterprise/Schema Admins and uncheck Send As - Deny / Receive As - Deny
0
 

Author Comment

by:IDPInc
ID: 11796943
As stated, I verified that enterprise admins had no deny permissions set.  Our group policy requires a user be a member of enterprise admin group to log onto a server.  (security=good).  
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11797089
If you can log onto the mailbox with a new profile, and If you've checked in System Manager at all levels ... Org, Administrative Group, Server levels ... then I can't think of anything else ...

The error is pretty specific so at some point in the org you are being denied access ...  whether that is through Group or individual Account Inheritance ..

Are you scripting this ... have you tried doing it manually if so ... Are you logging on with the ExMerge Account or using Run As?

I'm out of here soon ... Best of luck!
0
 

Author Comment

by:IDPInc
ID: 11824445
Clearly I've not set it up properly  as I cannot log into each mailbox as I should.  I checked and rechecked the permissions by right clicking on the server name in the system manager and checking security.  Can;t find anything that overrides these settings.  Where else might it be overridden?  And before you say it, I've already removed the defaul deny of domain and enterprise admins.  

Thanks in advance,

0
 

Author Comment

by:IDPInc
ID: 11824738
I'm logging on with the exmerge account and doing it manually.  
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 11825406

Have you tried adding your account to the mailbox rights with Full Mailbox access or just send as/receive as?
I'd also look in the advanced tab under mailbox rights and see what account/group is inheriting <deny>.
When you delegated permissions to the Org .. did you delegate to a group or to a user account and is it Full Exchange Administrator or just Exchange Administrator?
0
 

Author Comment

by:IDPInc
ID: 11841426
My exmerge account, has full control, every "allow" box checked, and no "deny" boxes checked.  This account is a Full Exchange Administrator, and an administrator of the local machine.  There are no rights being inherited.  
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11841481
Hi

Have you rebooted the server since you changed the permissions? Worth a try?

Deb :))
0
 

Author Comment

by:IDPInc
ID: 11902655
Here's what the issue was.  There qre no Deny permissions being inherited, but I set all of my permissions at the server level, not the store level.  None of those permissions were inherited downstream.  Once I checked "inherit permissions" from the parent object, and gave some time to replicate, it began working thanks so much for all of your help.

0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question