Link to home
Create AccountLog in
Avatar of chris_wren
chris_wren

asked on

Uregent help required - Unable to mount mailbox stores on EX2k. All services are running but keep getting c1041722 error.

I have a recently installed EX2k SP3 server which has been running like clockwork. I added 3 new mailbox stores last night and got them mounted.
Now this morning I cannot mount any of my stores and am getting error "c1041722". The 1st mailbox store I created I have been using without problems for a week or so. If I try and delete any of the new stores I added I just get the usual "the information store couldn't find the specified object c1041722"
I've checked all security persmissions as the Msoft article suggests and have removed groupshield. All my exchange services are started but I just can't mount any databases. I keep getting the message "store could not be mounted becasue the the AD info wasn't replicated yet". If I try again I get the c1041722 message.
I have been through the msoft article "http://www.microsoft.com/technet/prodtechnol/exchange/2003/wontmount.mspx" without any luck.

Please Help!!!!!!!!!!!!!
Avatar of Ross McCandless
Ross McCandless
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi Chris

I know youve said you have checked the permissions, have you seen the articles below:

http://support.microsoft.com/?kbid=313865

http://support.microsoft.com/?kbid=827283

Hope this may help

Regards

Ross

Avatar of chris_wren
chris_wren

ASKER

Yeah already been through those 2 articles but no joy.
I've actually found this article which looks very relevant:
 
http://support.microsoft.com/kb/316709

I've run the policytest.exe utill from the Ex2k CD and none of my domain controllers have the SeSecurityPrivilege" which apparently is applied when the /domainprep switch is run prior to installation of Ex2k. The article recommends running the setup /domainprep switch again. Which would be fine except that I have another EX2k server functioning perfectly ok and so am reluctant to do this.
Help!!!!!!!!!!!!!!!!!
I seem to have lost the default domain controllers security policy from AD. The thing is, I have another Exchange server which is still running.
Any clues please????
Ta.

See the following on how to restore your default dc gpo

http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dcgpofix.asp
http://www.windowsitpro.com/Article/ArticleID/41878/41878.html

Also, the following states running domainprep will not interrupt service on existing Exchange servers:

http://support.microsoft.com/?id=314294

hth,
Kris.
Thanks Kris - does the dcgpofix tool apply to Win2k?
What effects will this have on my AD domain (fortunately there are only a couple of group policies in use at the moment)?
Can I run the domain prep step first before the dcgpofix?
Cheers
I dont know if this might be simple or has been check, but have you check the space in the log directory. Almost 90% of time I see stores not mount the drive is low in space?
Thanks for the tip - but there's Gb's of space available.
sorry chris, here's the way to fix it for 2k:

http://support.microsoft.com/kb/267553

resetting the default domain controllers gpo shouldn't have any ill effects, i've done it once before (albeit a few years ago). but keep in mind for future reference that the recommended practice is to leave the default in place and make a new one, etc.

i would fix the gpo first then run domainprep.

kris.
To test, I took a DC off the network, made it the default FSMO and ran through the gpo. When I go to look at the default  DC group policy I get the same error "you may not have permissions. System cannot find path specified".
Help Kris, I'm really stuck with this one!
Cheers
chris, was the dc you took offline to test also a dns server? what was changed recently, was anyone modifying this gpo or permissions on the sysvol share maybe? check the following:

• Netlogon and DFS services are started.
• Domain controllers have the read and apply rights to the Domain Controllers Policy.
• NTFS file system permissions and share permissions are set correctly on the Sysvol share.
• DNS entries are correct for the domain controllers.

kris.
Was integrated  AD DNS, entries looked ok.
Can't access the domain controllers security policy due to ""you may not have permissions. System cannot find path specified".
Syvol was full access for administrator + everyone as well (just be sure on this test), and I got the "1704" successfull message in event viewer
what did you do to prompt the 1704 message?

go into the esm on the malfuntioning e2k server and check the directory access tab on the properties for the server. are all dc's listed there valid ones? if not correct this and reboot.

my recommendation would be to follow the steps in this article in your production environment before things get worse:

http://support.microsoft.com/kb/290189

are you able to access the default domain controllers gpo in your production environment? i understand your wish not to attempt anything in your production environment, but if you can't access your dc gpo in there then you have some issues that need to get worked out.

also, are you attempting this on a dc? with a domain admin account?

kris.
I ran the secedit /refresh command to gte that, but that was only for one isolated DC. /domainprep doesn't work because it can't access the domain GPO presumably. The error message it gives is :
Setup failed while Creating Exchange groups in the current domain (error 0x80072030: There is no such object on the server.) .

Additional information:
There is no such object on the server.

Facility: LDAP Provider
ID no: 80072030
Microsoft Exchange Setup

mode = 'DomainPrep' (61966)

Setup encountered an error during Microsoft Exchange Domain Preparation of DomainPrep component task.


Function:
ScGetExchangeServerGroups
ScCreateExchangeServerGroups
CAtomPermissions::ScAddDSObjects
CBaseAtom::ScSetup
CBaseComponent::ScSetup
CBaseComponent::ScSetup
CCompDomainPrep::ScSetup
CComExchSetupComponent::Install

All attempted on a DC with a admin account that can do everything. I'm thinking now that I may have to do a system state restore to recover these GPO's. I'll try the "How to reset user rights in the default DC GPO" proceedure in the live environment. IS there anything in those command lists I should be editing?
Cheers
Chris
ASKER CERTIFIED SOLUTION
Avatar of kristinaw
kristinaw
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
chris,

did you get it fixed then? would like hear what you did to get it back going.

kris.
Hi Kris,
Yeah all sorted.
The Exchange Enterprise Servers group had been moved out of the users container, causing domainprep to fail. I moved it back into users and ran domainprep and within 10 mins I had all my stores mounted again - it really was that simple. Before this this time both exchange servers had dismounted all stores and I was looking like having a career change!!
So thanks for saving my arse Kris - I owe you buddy!
Cheers
Chris
glad to have helped, and glad i remembered about those groups!

kris.
Hi Kris,
Got another very strange problem. Exchange system manager thinks all my stores are dismounted (on the old and the new EX2000 servers). But email is still up and running. If i try and look at the mailbox rights for any mailboxes on the new box I get the same error I was getting initially "the information store couldn't find the specified object c1041722". I can however look at mailbox rights for users who are still on the older server. I cannot perform any Exchange tasks  in AD either (e.g. move mailbox).
I feel like I'm sitting on a time bomb here. Is it worth running the domainprep switch again? What's going on???
Cheers
Chris
Just to add to this,
I ran the "policytest" tool from the Exchange disk and got  back "right not found" for all 3 domain controllers in my domain.
I have re-run the domainprep switch from setup and now the server with all 5 FSMO roles  has the right  for the Exchange Enterprise servers group, but the other 2 domain controllers still are showing as "right not found". Incidently, these DCs are new to the domain and I have not yet transfered any FSMO roles over to them. I still have the same problem I initially described but I presume this is because I have not restarted the exchange services on any of the 2 exchange servers (I'm reluctant to do this as I still have email service and nobody has noticed a ny problems yet).
Please help!!!