Solved

Exmerge\Export error with a Recovery Storage Group

Posted on 2007-04-11
7
1,574 Views
Last Modified: 2012-06-27
I am having trouble exmerging a mbx from a recovery storage group on one of my Exchange 2003 clusters. Everything I have found regarding the error points to permissions. Yet, I have full control on the RSG. I have no issues doing online exports, so it has to be something with the RSG itself.

Error:

[08:26:31] Copying data from mailbox USER('JJJ') on Server 'SERVERNAME' to file 'C:\DOCUMENTS AND SETTINGS\ME\DESKTOP\JJJ.PST'.
[08:26:32] Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)

Any ideas?
0
Comment
Question by:Justin Durrant
  • 3
  • 2
7 Comments
 
LVL 6

Expert Comment

by:vangipe
ID: 18889680
You probably don't have the necessary permissions. Although everything looks well at first sight, a deny rule might block you from using exmerge. See http://www.eggheadcafe.com/aspnet_answers/Exchangeadmin/Mar2006/post26725289.asp.
Have a look at the Exmerge log file for more details.

From Technet: "This behavior occurs because the account you are logged on as does not have Receive As and Send As permissions to the mailboxes on which ExMerge is exporting and importing messages. Even the Full Exchange administrator account does not have Receive As and Send As permissions by default." - http://support.microsoft.com/default.aspx?scid=kb;en-us;273642

related article: http://support.microsoft.com/kb/174197

Hope this helps.
Peter
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18890282
I check the DB under the RSG... no denys anywhere.
0
 
LVL 6

Expert Comment

by:vangipe
ID: 18896207
Are you sure that full mailbox access is granted? Being a Full Exchange Administrator and domain or enterprise admin is not enough. From Technet: "If your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins groups, then you are explicitly denied access to all mailboxes other than your own, even if you otherwise have full administrative rights over the Exchange system."
The denies can probably be found using ADSI Edit. Check this article to grant the necessary permissions to a non-administrator account: http://www.infinitec.de/articles/exchange/grantmailboxaccess.aspx

Hope this helps
Peter
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 
LVL 23

Author Comment

by:Justin Durrant
ID: 18952818
yep... I have full access.

-Manually added my account and granted “sent\receive as” on DB (same error)

-Created a new generic account and granted “sent\receive as” on DB (ruled out default deny for admins)

-Removed inherited permissions and granted all users\groups listed “send\receive as” (eliminating all denys)

-Attempted an export via a non-RSG DB (worked, and permissions between online and non-RSG DB are identical)

-Tried another restore of the DB (ruled out issue with the NetBackup restore)

-Tried exporting other mailboxes (ruled out any issue with the one mailbox)

-Tried running ExMerge from a workstation (ruled out potential problems running export from Exchange servers)

-Tried via our “God” Exchange KVS account (should definitely work without any permissions error)

Any idea what else to try?


0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 19055947
Here was the fix guys:

he mailbox that you are trying to recover, has that been moved?  Meaning does it reside on a new store?  I want you to check the following for me and see if it helps:
How the Recovery Storage Group Links Back to the Original Database A Recovery Storage Group uses the following two Active Directory attributes to link a copy of the database with its original database:
•       The msExchMailboxGUID attribute:   The first test that a mailbox must pass before you can recover data from the mailbox by using a Recovery Storage Group is that the mailbox GUID must correspond to a user in Active Directory.   The mailbox GUID is a unique value that distinguishes a mailbox from all others. The mailbox GUID is created in the mailbox store when the mailbox is created, and the value remains the same for the lifetime of the mailbox. The msExchMailboxGUID attribute uses the mailbox GUID value from the mailbox store. The msExchMailboxGUID attribute is set on the user who owns the mailbox when you link a mailbox to a user account in Active Directory. The Exmerge.exe tool uses the msExchMailboxGUID attribute to match the mailbox in the Recovery Storage Group with the original mailbox.   When you delete a mailbox, mailbox attributes are removed from the user object in Active Directory that previously owned the mailbox. As a result, you cannot use a Recovery Storage Group to recover a deleted mailbox.
•       The msExchOrigMDB attribute:   The second test that a mailbox must pass before you can recover data from the mailbox by using a Recovery Storage Group is that the mailbox must exist in the original mailbox store where the Recovery Storage Group was created. The msExchOrigMDB attribute is set on each database object in the Recovery Storage Group and it specifies the distinguished name of the original database where the Recovery Storage Group was created. If you move the mailbox to a different mailbox store, you cannot use the Exmerge.exe tool to extract data from the mailbox. To resolve this issue, do one of the following:
        •       Move the mailbox back to the original mailbox store.
        •       Modify the msExchOrigMDB attribute on the Recovery Storage Group database to point to the mailbox store that you moved the mailbox to.   When you use this option, you cannot use the Exmerge.exe tool to access any mailboxes that you did not move to a different mailbox store. If you want to access the mailboxes that remain in the original mailbox store, you must change the msExchOrigMDB attribute back to its original value.   To modify the msExchOrigMDB attribute by using ADSI Edit, follow these steps. Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
                1.      Start ADSI Edit.
                2.      Locate the mailbox store that you moved the mailbox to. To do so, expand Configuration Container [ YourServerName . YourDomainName . YourTopLevelDomain ], expand CN=Configuration,DC= YourDomainName ,DC= YourTopLevelDomain , expand CN=Services, expand CN=Microsoft Exchange, expand CN= YourOrganizationName , expand CN=Administrative Groups, expand CN= Your Administrative Group , where Your Administrative Group is the administrative group that contains the storage group that you want to modify), expand CN=Servers, expand CN= YourServerName , expand CN=InformationStore, and then click CN= YourStorageGroup .
                3.      In the right pane, right-click the database object, and then click Properties.
                4.      In the Select which properties to view list, click Both.
                5.      In the Select a property to view list, click distinguishedName.
                6.      Right-click the value that is in the Value(s) box, and then click Copy.
                7.      Click Cancel.
                8.      Locate and then click the Recovery Storage Group database object in the CN=Configuration,DC= YourDomainName ,DC= YourTopLevelDomain container.
                9.      In the right pane, right-click the Recovery Storage Group database object, and then click Properties.
                10.     In the Select which properties to view list, click Both.
                11.     In the Select a property to view list, click msExchOrigMDB.
                12.     Click Clear.
                13.     Right-click an empty area of the Edit Attributes box, and then click Paste.
                14.     Click Set, and then click OK.
                15.     Quit ADSI Edit.
0
 
LVL 1

Accepted Solution

by:
Vee_Mod earned 0 total points
ID: 19080831
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now