IDPInc
asked on
Backing up PST using Exmerge in 2003
I've read the previous posts on my issue but I still cannot find the solution. I am receiving the same error most do when attempting to back up a pst file. Usually a permissions error, but I have granted send as/receive as permissions to the administrator, yet still get the error.
[12:05:28] Logging Level: None
[12:05:28] Reading settings from file 'C:\Documents and Settings\administrator\Des
[12:05:29] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDS
[12:05:29] Accessing Domain Controller 'HOBBES'
[12:05:29] 'mailserver' is running Exchange Server 2000 or later
[12:05:29] Source server read from settings file is 'mailserver'.
[12:05:29] Reading list of subjects for messages to be selected from file ''
[12:05:29] Reading list of attachment names for messages to be selected from file ''
[12:05:29] List of folders to be ignored has been read. 0 folders in the list.
[12:05:29] Current machine locale ID is 0x409
[12:05:29] Operating System Version 5.2 (Build 3790)
[12:05:38] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDS
[12:05:38] Accessing Domain Controller 'HOBBES'
[12:05:38] 'mailserver' is running Exchange Server 2000 or later
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Confi
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Recip
[12:05:45] Found 37 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Ignored 2 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Found 37 mailbox(es) homed on the specified databases.
[12:05:45] Ignored 2 mailbox(es) homed on the specified databases.
[12:06:00] Using attribute 'PR_MESSAGE_DELIVERY_TIME'
[12:06:00] Merging data into target store. The program will copy only those messages that do not exist in the target store.
[12:06:00] Associated folder data will NOT be copied to the target store.
[12:06:00] Using 'English (US)' (0x409) as the default locale (Code page 1252)
[12:06:00] All mailboxes will be processed, regardless of locale
[12:06:00] Using default locale for all mailboxes
[12:06:00] Initializing worker thread (Thread0)
[12:06:00] Copying data from mailbox 'Patrick Filippone' ('PFILIPPONE') on Server 'mailserver' to file 'C:\DOCUMENTS AND SETTINGS\administrator\DES
[12:06:00] Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
[12:06:00] Errors encountered. Copy process aborted for mailbox 'Patrick Filippone' ('PFILIPPONE').
[12:06:00] Number of items copied from the source store for all mailboxes processed: 0
[12:06:00] Total number of folders processed in the source store: 0
[12:06:00] 0 mailboxes successfully processed. 1 mailboxes were not successfully processed. 0 non-fatal errors encountered.
[12:06:00] Process completion time: 00:00:00
I have verified the permissions. Any additional help would be greatly appreciated. Thanks,
[12:05:28] Logging Level: None
[12:05:28] Reading settings from file 'C:\Documents and Settings\administrator\Des
[12:05:29] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDS
[12:05:29] Accessing Domain Controller 'HOBBES'
[12:05:29] 'mailserver' is running Exchange Server 2000 or later
[12:05:29] Source server read from settings file is 'mailserver'.
[12:05:29] Reading list of subjects for messages to be selected from file ''
[12:05:29] Reading list of attachment names for messages to be selected from file ''
[12:05:29] List of folders to be ignored has been read. 0 folders in the list.
[12:05:29] Current machine locale ID is 0x409
[12:05:29] Operating System Version 5.2 (Build 3790)
[12:05:38] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDS
[12:05:38] Accessing Domain Controller 'HOBBES'
[12:05:38] 'mailserver' is running Exchange Server 2000 or later
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Confi
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Recip
[12:05:45] Found 37 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Ignored 2 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Found 37 mailbox(es) homed on the specified databases.
[12:05:45] Ignored 2 mailbox(es) homed on the specified databases.
[12:06:00] Using attribute 'PR_MESSAGE_DELIVERY_TIME'
[12:06:00] Merging data into target store. The program will copy only those messages that do not exist in the target store.
[12:06:00] Associated folder data will NOT be copied to the target store.
[12:06:00] Using 'English (US)' (0x409) as the default locale (Code page 1252)
[12:06:00] All mailboxes will be processed, regardless of locale
[12:06:00] Using default locale for all mailboxes
[12:06:00] Initializing worker thread (Thread0)
[12:06:00] Copying data from mailbox 'Patrick Filippone' ('PFILIPPONE') on Server 'mailserver' to file 'C:\DOCUMENTS AND SETTINGS\administrator\DES
[12:06:00] Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
[12:06:00] Errors encountered. Copy process aborted for mailbox 'Patrick Filippone' ('PFILIPPONE').
[12:06:00] Number of items copied from the source store for all mailboxes processed: 0
[12:06:00] Total number of folders processed in the source store: 0
[12:06:00] 0 mailboxes successfully processed. 1 mailboxes were not successfully processed. 0 non-fatal errors encountered.
[12:06:00] Process completion time: 00:00:00
I have verified the permissions. Any additional help would be greatly appreciated. Thanks,
Did you allow enough time for replication to occur ... did you try logging off and then logging back on ... I've seen this when the permissions had not fully replicated ...
ASKER
Yes this was actually done quite a while ago, server has been rebooted, plenty of replication time.
Can you create a profile in outlook from the machine you are on and connect to the mailbox (I'm assuming your account is the admin account)? You might also double check the perms to make sure something else isn't restricting your access (in mailbox rights).
I handle perms in my environment a little differently ... I delegated a group with full admin rights so I don't usually have to modify permissions of user objects ...
I handle perms in my environment a little differently ... I delegated a group with full admin rights so I don't usually have to modify permissions of user objects ...
Check this out ...
Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
RESOLUTION
To troubleshoot this issue, follow these steps:
Verify that the user account under which you run the Exchange Mailbox Merge program has the Receive As and Send As security permissions set to Allow for the Mailbox Store. To do this, follow these steps:
Start Exchange System Manager. To do this, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
Expand Servers, expand the server that you want, expand the storage group that you want (for example, expand First Storage Group), and then expand Mailbox Store.
Right-click Mailbox Store, and then click Properties.
Click the Security tab, and then click the user account whose permissions you want to verify.
In the Permissions list, click to select the Receive As check box in the Allow column, click to select the Send As check box in the Allow column, and then click OK.
*****If the user account is a member of a group (domain administrators or enterprise administrators), this group must also have send as and receive as rights to the mailbox store.
Verify that the user account under which you run the Exchange Mailbox Merge program has delegation authority at the Organization level in Exchange System Manager. To do this, follow these steps:
In Exchange System Manager, right-click the organization (for example, right-click First Organization (Exchange)), and then click Delegate control. The Exchange Administration Delegation Wizard starts.
Click Next.
If the user account under which you run the Exchange Mailbox Merge program is not listed in the Users and groups box, and if it does not have the role of Exchange Full Administrator, click Next, add this user account with the role of Exchange Full Administrator, and then click OK.
Click Next, and then click Finish.
Quit Exchange System Manager.
Restart the Microsoft Internet Information Service (IIS) Admin Service. To do this, follow these steps.
NOTE: This restarts the Exchange Information Store service.
Click Start, click Run, type services.msc in the Open box, and then click OK.
In the Name list, right-click IIS Admin Service, and then click Restart.
Click Yes to confirm the restarting of the services.
Quit the Services snap-in.
MORE INFORMATION
Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
RESOLUTION
To troubleshoot this issue, follow these steps:
Verify that the user account under which you run the Exchange Mailbox Merge program has the Receive As and Send As security permissions set to Allow for the Mailbox Store. To do this, follow these steps:
Start Exchange System Manager. To do this, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
Expand Servers, expand the server that you want, expand the storage group that you want (for example, expand First Storage Group), and then expand Mailbox Store.
Right-click Mailbox Store, and then click Properties.
Click the Security tab, and then click the user account whose permissions you want to verify.
In the Permissions list, click to select the Receive As check box in the Allow column, click to select the Send As check box in the Allow column, and then click OK.
*****If the user account is a member of a group (domain administrators or enterprise administrators), this group must also have send as and receive as rights to the mailbox store.
Verify that the user account under which you run the Exchange Mailbox Merge program has delegation authority at the Organization level in Exchange System Manager. To do this, follow these steps:
In Exchange System Manager, right-click the organization (for example, right-click First Organization (Exchange)), and then click Delegate control. The Exchange Administration Delegation Wizard starts.
Click Next.
If the user account under which you run the Exchange Mailbox Merge program is not listed in the Users and groups box, and if it does not have the role of Exchange Full Administrator, click Next, add this user account with the role of Exchange Full Administrator, and then click OK.
Click Next, and then click Finish.
Quit Exchange System Manager.
Restart the Microsoft Internet Information Service (IIS) Admin Service. To do this, follow these steps.
NOTE: This restarts the Exchange Information Store service.
Click Start, click Run, type services.msc in the Open box, and then click OK.
In the Name list, right-click IIS Admin Service, and then click Restart.
Click Yes to confirm the restarting of the services.
Quit the Services snap-in.
MORE INFORMATION
read through that ... did you follow all of the steps or just add the admin account with Send/Receive As perms ...?
Hi
Just a note - Administrators have inherited deny permissions on send as and recieve as on the mailbox store - these override any that you might add and will not allow you to run exmerge from a standard Admin logon, so create a new account as BNettles has said (or use the exchange admin account if there is one), give it membership of domain admins, and set the permissions on the store to have send as and receive as and it will go through -
If BNettles has already said this then sorry and disregard this post - couldn't see it up there,
How to configure an account to use ExMerge on Exchange Server
http://support.microsoft.com/default.aspx?kbid=292509
Deb :))
Just a note - Administrators have inherited deny permissions on send as and recieve as on the mailbox store - these override any that you might add and will not allow you to run exmerge from a standard Admin logon, so create a new account as BNettles has said (or use the exchange admin account if there is one), give it membership of domain admins, and set the permissions on the store to have send as and receive as and it will go through -
If BNettles has already said this then sorry and disregard this post - couldn't see it up there,
How to configure an account to use ExMerge on Exchange Server
http://support.microsoft.com/default.aspx?kbid=292509
Deb :))
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi
I added the comment as I was helping someone with this earlier and even though they'd added the send /receive as permissions they hadn't realised that deny permissions that were set totally overrode it as they were using a built-in admin account - took three attempts at persuading them to create another account (then it worked) - If it is an assist it is only a terribly terribly tiny one, sorry if I've duplicated your answer,
Deb :))
I added the comment as I was helping someone with this earlier and even though they'd added the send /receive as permissions they hadn't realised that deny permissions that were set totally overrode it as they were using a built-in admin account - took three attempts at persuading them to create another account (then it worked) - If it is an assist it is only a terribly terribly tiny one, sorry if I've duplicated your answer,
Deb :))
ASKER
It looks like I have it right. The only Deny permissions on send as or receive as are for the following:
Exchange domain servers are denied receive as
I can't find any other permissions that would be conflicting. Control had already been delegated as full exchange administrators to all involved.
Exchange domain servers are denied receive as
I can't find any other permissions that would be conflicting. Control had already been delegated as full exchange administrators to all involved.
If you are a member of Domain Admins - by default Domain Admins has "Deny - Send As & Receive As" at the root of the Org ... not sure if that is the reason ... but you could test this by creating an Exmerge account, Add it to the Exchange Admins Group, and then assign that account send as/receive as to the object you wish to exmerge ...
ASKER
I created a brand new user called exmerge. Gave it enterprise admin and schema admin rights only. Added it to security of the mail server in the system manager, made sure it had send as and receive as permissions, and verified enterprise admins had no deny on it. There are no inherited permissions to worry bout. But still same error.
Once again ... by default .. Enterprise Admins has Deny-Send As & Receive As set at the Org level ... did you uncheck the boxes on Send As & Receive As?
You'd probably do better to just take the ExMerge Account - Delegate it as Full Control Administrator, Assign it Send As and Receive As perms ... no other groups ... this should clear it up ... or Check the perms at the root level for Enterprise/Schema Admins and uncheck Send As - Deny / Receive As - Deny
You'd probably do better to just take the ExMerge Account - Delegate it as Full Control Administrator, Assign it Send As and Receive As perms ... no other groups ... this should clear it up ... or Check the perms at the root level for Enterprise/Schema Admins and uncheck Send As - Deny / Receive As - Deny
ASKER
As stated, I verified that enterprise admins had no deny permissions set. Our group policy requires a user be a member of enterprise admin group to log onto a server. (security=good).
If you can log onto the mailbox with a new profile, and If you've checked in System Manager at all levels ... Org, Administrative Group, Server levels ... then I can't think of anything else ...
The error is pretty specific so at some point in the org you are being denied access ... whether that is through Group or individual Account Inheritance ..
Are you scripting this ... have you tried doing it manually if so ... Are you logging on with the ExMerge Account or using Run As?
I'm out of here soon ... Best of luck!
The error is pretty specific so at some point in the org you are being denied access ... whether that is through Group or individual Account Inheritance ..
Are you scripting this ... have you tried doing it manually if so ... Are you logging on with the ExMerge Account or using Run As?
I'm out of here soon ... Best of luck!
ASKER
Clearly I've not set it up properly as I cannot log into each mailbox as I should. I checked and rechecked the permissions by right clicking on the server name in the system manager and checking security. Can;t find anything that overrides these settings. Where else might it be overridden? And before you say it, I've already removed the defaul deny of domain and enterprise admins.
Thanks in advance,
Thanks in advance,
ASKER
I'm logging on with the exmerge account and doing it manually.
Have you tried adding your account to the mailbox rights with Full Mailbox access or just send as/receive as?
I'd also look in the advanced tab under mailbox rights and see what account/group is inheriting <deny>.
When you delegated permissions to the Org .. did you delegate to a group or to a user account and is it Full Exchange Administrator or just Exchange Administrator?
ASKER
My exmerge account, has full control, every "allow" box checked, and no "deny" boxes checked. This account is a Full Exchange Administrator, and an administrator of the local machine. There are no rights being inherited.
Hi
Have you rebooted the server since you changed the permissions? Worth a try?
Deb :))
Have you rebooted the server since you changed the permissions? Worth a try?
Deb :))
ASKER
Here's what the issue was. There qre no Deny permissions being inherited, but I set all of my permissions at the server level, not the store level. None of those permissions were inherited downstream. Once I checked "inherit permissions" from the parent object, and gave some time to replicate, it began working thanks so much for all of your help.