Solved

Backing up PST using Exmerge in 2003

Posted on 2004-08-13
20
318 Views
Last Modified: 2008-02-01
I've read the previous posts on my issue but I still cannot find the solution.  I am receiving the same error most do when attempting to back up a pst file.  Usually a permissions error, but I have granted send as/receive as permissions to the administrator, yet still get the error.  

[12:05:28] Logging Level: None
[12:05:28] Reading settings from file 'C:\Documents and Settings\administrator\Desktop\Exmerge\EXMERGE.INI'.
[12:05:29] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDSE')  (CADRoutines::GetNamingContextData)
[12:05:29] Accessing Domain Controller 'HOBBES'
[12:05:29] 'mailserver' is running Exchange Server 2000 or later
[12:05:29] Source server read from settings file is 'mailserver'.
[12:05:29] Reading list of subjects for messages to be selected from file ''
[12:05:29] Reading list of attachment names for messages to be selected from file ''
[12:05:29] List of folders to be ignored has been read. 0 folders in the list.
[12:05:29] Current machine locale ID is 0x409
[12:05:29] Operating System Version 5.2 (Build 3790)
[12:05:38] Error 8007203a opening an LDAP connection. ('LDAP://mailserver/rootDSE')  (CADRoutines::GetNamingContextData)
[12:05:38] Accessing Domain Controller 'HOBBES'
[12:05:38] 'mailserver' is running Exchange Server 2000 or later
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Configuration/cn=Connections/cn=SMTP (mailserver)/cn={5A9D788C-7032-40AF-A4DC-A7EB860CEB1B}' will be ignored as its DN contains strings in the ignore list
[12:05:45] Mailbox '/O=IDP/OU=IDPNET/cn=Recipients/cn=SystemMailbox{5A9D788C-7032-40AF-A4DC-A7EB860CEB1B}' will be ignored as its DN contains strings in the ignore list
[12:05:45] Found 37 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Ignored 2 mailbox(es) homed on database 'SECOND STORAGE GROUP/PRODUCT AND SERVICE DELIVERY'.
[12:05:45] Found 37 mailbox(es) homed on the specified databases.
[12:05:45] Ignored 2 mailbox(es) homed on the specified databases.
[12:06:00] Using attribute 'PR_MESSAGE_DELIVERY_TIME' for date operations.
[12:06:00] Merging data into target store. The program will copy only those messages that do not exist in the target store.
[12:06:00] Associated folder data will NOT be copied to the target store.
[12:06:00] Using 'English (US)' (0x409) as the default locale (Code page 1252)
[12:06:00] All mailboxes will be processed, regardless of locale
[12:06:00] Using default locale for all mailboxes
[12:06:00] Initializing worker thread (Thread0)
[12:06:00] Copying data from mailbox 'Patrick Filippone' ('PFILIPPONE') on Server 'mailserver' to file 'C:\DOCUMENTS AND SETTINGS\administrator\DESKTOP\PFILIPPONE.PST'.
[12:06:00] Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)
[12:06:00] Errors encountered. Copy process aborted for mailbox 'Patrick Filippone' ('PFILIPPONE').
[12:06:00] Number of items copied from the source store for all mailboxes processed: 0
[12:06:00] Total number of folders processed in the source store: 0
[12:06:00] 0 mailboxes successfully processed. 1 mailboxes were not successfully processed. 0 non-fatal errors encountered.
[12:06:00] Process completion time: 00:00:00

I have verified the permissions.  Any additional help would be greatly appreciated.  Thanks,


0
Comment
Question by:IDPInc
  • 9
  • 8
  • 3
20 Comments
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
Did you allow enough time for replication to occur ... did you try logging off and then logging back on ... I've seen this when the permissions had not fully replicated ...
0
 

Author Comment

by:IDPInc
Comment Utility
Yes this was actually done quite a while ago, server has been rebooted, plenty of replication time.  
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
Can you create a profile in outlook from the machine you are on and connect to the mailbox (I'm assuming your account is the admin account)?  You might also double check the perms to make sure something else isn't restricting your access (in mailbox rights).

I handle perms in my environment a little differently ... I delegated a group with full admin rights so I don't usually have to modify permissions of user objects ...
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
Check this out ...

Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)

RESOLUTION
To troubleshoot this issue, follow these steps:
Verify that the user account under which you run the Exchange Mailbox Merge program has the Receive As and Send As security permissions set to Allow for the Mailbox Store. To do this, follow these steps:
Start Exchange System Manager. To do this, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
Expand Servers, expand the server that you want, expand the storage group that you want (for example, expand First Storage Group), and then expand Mailbox Store.
Right-click Mailbox Store, and then click Properties.
Click the Security tab, and then click the user account whose permissions you want to verify.
In the Permissions list, click to select the Receive As check box in the Allow column, click to select the Send As check box in the Allow column, and then click OK.

*****If the user account is a member of a group (domain administrators or enterprise administrators), this group must also have send as and receive as rights to the mailbox store.
Verify that the user account under which you run the Exchange Mailbox Merge program has delegation authority at the Organization level in Exchange System Manager. To do this, follow these steps:

In Exchange System Manager, right-click the organization (for example, right-click First Organization (Exchange)), and then click Delegate control. The Exchange Administration Delegation Wizard starts.
Click Next.
If the user account under which you run the Exchange Mailbox Merge program is not listed in the Users and groups box, and if it does not have the role of Exchange Full Administrator, click Next, add this user account with the role of Exchange Full Administrator, and then click OK.
Click Next, and then click Finish.
Quit Exchange System Manager.
Restart the Microsoft Internet Information Service (IIS) Admin Service. To do this, follow these steps.

NOTE: This restarts the Exchange Information Store service.
Click Start, click Run, type services.msc in the Open box, and then click OK.
In the Name list, right-click IIS Admin Service, and then click Restart.
Click Yes to confirm the restarting of the services.
Quit the Services snap-in.
MORE INFORMATION
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
read through that ... did you follow all of the steps or just add the admin account with Send/Receive As perms ...?
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi
Just a note - Administrators have inherited deny permissions on send as and recieve as on the mailbox store - these override any that you might add and will not allow you to run exmerge from a standard Admin logon, so create a new account as BNettles has said (or use the exchange admin account if there is one), give it membership of domain admins, and set the permissions on the store to have send as and receive as and it will go through -

If BNettles has already said this then sorry and disregard this post - couldn't see it up there,
How to configure an account to use ExMerge on Exchange Server
http://support.microsoft.com/default.aspx?kbid=292509

Deb :))
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 500 total points
Comment Utility
Yeah, I put the asterisks specifically by that =) If the user account is a member of a group (domain administrators or enterprise administrators), this group must also have send as and receive as rights to the mailbox store. You said it a little more clear than I ... looks like an assist!! :)

=), Brian
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi
I added the comment  as I was helping someone with this earlier and even though they'd added the send /receive as permissions they hadn't realised that deny permissions that were set totally overrode it as they were using a built-in admin account - took three attempts at persuading them to create another account (then it worked) - If it is an assist it is only a terribly terribly tiny one, sorry if I've duplicated your answer,

Deb :))
0
 

Author Comment

by:IDPInc
Comment Utility
It looks like I have it right.  The only Deny permissions on send as or receive as are for the following:

Exchange domain servers are denied receive as

I can't find any other permissions that would be conflicting.  Control had already been delegated as full exchange administrators to all involved.
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
If you are a member of Domain Admins - by default Domain Admins has "Deny - Send As & Receive As" at the root of the Org ... not sure if that is the reason ... but you could test this by creating an Exmerge account, Add it to the Exchange Admins Group, and then assign that account send as/receive as to the object you wish to exmerge ...
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:IDPInc
Comment Utility
I created a brand new user called exmerge.  Gave it enterprise admin and schema admin rights only.  Added it to security of the mail server in the system manager, made sure it had send as and receive as permissions, and verified enterprise admins had no deny on it.  There are no inherited permissions to worry bout.  But still same error.  
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
Once again ... by default .. Enterprise Admins has Deny-Send As & Receive As set at the Org level ... did you uncheck the boxes on Send As & Receive As?

You'd probably do better to just take the ExMerge Account - Delegate it as Full Control Administrator, Assign it Send As and Receive As perms ... no other groups ... this should clear it up ... or Check the perms at the root level for Enterprise/Schema Admins and uncheck Send As - Deny / Receive As - Deny
0
 

Author Comment

by:IDPInc
Comment Utility
As stated, I verified that enterprise admins had no deny permissions set.  Our group policy requires a user be a member of enterprise admin group to log onto a server.  (security=good).  
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility
If you can log onto the mailbox with a new profile, and If you've checked in System Manager at all levels ... Org, Administrative Group, Server levels ... then I can't think of anything else ...

The error is pretty specific so at some point in the org you are being denied access ...  whether that is through Group or individual Account Inheritance ..

Are you scripting this ... have you tried doing it manually if so ... Are you logging on with the ExMerge Account or using Run As?

I'm out of here soon ... Best of luck!
0
 

Author Comment

by:IDPInc
Comment Utility
Clearly I've not set it up properly  as I cannot log into each mailbox as I should.  I checked and rechecked the permissions by right clicking on the server name in the system manager and checking security.  Can;t find anything that overrides these settings.  Where else might it be overridden?  And before you say it, I've already removed the defaul deny of domain and enterprise admins.  

Thanks in advance,

0
 

Author Comment

by:IDPInc
Comment Utility
I'm logging on with the exmerge account and doing it manually.  
0
 
LVL 12

Expert Comment

by:BNettles73
Comment Utility

Have you tried adding your account to the mailbox rights with Full Mailbox access or just send as/receive as?
I'd also look in the advanced tab under mailbox rights and see what account/group is inheriting <deny>.
When you delegated permissions to the Org .. did you delegate to a group or to a user account and is it Full Exchange Administrator or just Exchange Administrator?
0
 

Author Comment

by:IDPInc
Comment Utility
My exmerge account, has full control, every "allow" box checked, and no "deny" boxes checked.  This account is a Full Exchange Administrator, and an administrator of the local machine.  There are no rights being inherited.  
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi

Have you rebooted the server since you changed the permissions? Worth a try?

Deb :))
0
 

Author Comment

by:IDPInc
Comment Utility
Here's what the issue was.  There qre no Deny permissions being inherited, but I set all of my permissions at the server level, not the store level.  None of those permissions were inherited downstream.  Once I checked "inherit permissions" from the parent object, and gave some time to replicate, it began working thanks so much for all of your help.

0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now