Solved

Exchange 2003 Recipient Policy error preventing Exchange 2007 migration (event id 8325)

Posted on 2008-06-19
4
1,482 Views
Last Modified: 2011-10-03
Current Evironment:  Exchange 2003 SP2 running on Windows Server 2003 which is also a GC/DC (I know it's not recommended, which is why we are migrating).  I have installed Exchange 2007 w/SP1 'Typical Installation' (MB, HUB, CA).  When I attempt to move or create a user on the Exchange 2007 server I receive the following error:  
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00
MS Test
Failed
Error:
The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.
Exchange Management Shell command attempted:
New-Mailbox -Name 'MS Test' -Alias 'mstest' -OrganizationalUnit 'internal.xxx.com/Users' -UserPrincipalName 'mstest@internal.xxx.com' -SamAccountName 'mstest' -FirstName 'MS' -Initials '' -LastName 'Test' -Password 'System.Security.SecureString' -ResetPasswordOnNextLogon $false -Database 'SERVERNAME\XXX Storage Group\XXX_Mail_DB'
**************************

And the following events appear in the App log of the 2007 server pointing to two recipient policies which are defined on the 2003 Server (one for each domain which assign a unique proxy address to each using an LDAP query):
The service can't work properly because Email Address Policy 'CN=XXX Recipient Policy,CN=Recipient Policies,CN=My Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=internal,DC=XXX,DC=com'  has an invalid filter rule (PurportedSearch). The error is 'Invalid token.'.  Use the Exchange Management Console to correct this problem.  New users, contacts, and groups won't be fully provisioned until this is fixed.
************************

Here is the value in the (Purported Search) field that the error above complains about:

(&((objectclass=*)(homemdb=CN=XXX Mailbox Store (SERVER03),CN=XXX Storage Group,CN=InformationStore,CN=SERVER03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=My Organization,CN=Services,CN=Configuration,DC=internal,DC=XXX,DC=com)))
*********************

I believe the problem lies with the LDAP query used to create these policies that Exchange 2007 does not like.  But for the life of me I can't find one that Exchange 2007 is happy with.  I can't move forward with this migration until this problem is resolved.  Any help would be appreciated.  Thanks!




0
Comment
Question by:Mr-Moody
  • 2
4 Comments
 
LVL 2

Expert Comment

by:thor_08
Comment Utility
0
 

Author Comment

by:Mr-Moody
Comment Utility
Thanks for the quick response!  

Yes, I have been through both articles (and probably every other article on the subject Google could dig up) which is what finally brought me to EE.  All the information that I have been able to gather seems to point to an invalid character in the LDAP query but unfortunately I can't find that invalid character and none of these articles have I been able find anything specific enough to help me.  The queries are valid for Exchange 2003 as they properly build the list of users.  I guess what I really need is assistance building an LDAP query that will distinguish users by either Information Store or better yet, AD domains, that 2007 won't complain about.  Thank you for you help!
0
 

Accepted Solution

by:
Mr-Moody earned 0 total points
Comment Utility
I was able to resolve the problem by recreating the LDAP query as follows:
(&(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(userPrincipalName=*@internal.xxx.com)))

I beleive the issue was that my search string was referring to a mailbox store name on the Ech2k3 server, but I can't be sure.

I don't beleive the question was answered since my question was specific to the LDAP query.
0
 

Expert Comment

by:NetworkRangers
Comment Utility
We had the same issue when installing Exchange 2007 mailbox role.  It would not finish installing and complained about 4 of our recipient policies.  All the policies it complained about had to do with the policy including a specified store in it.  We removed the store part of the policy and then install went just fine.  Note however that some policies that did have stores included in the query didn't throw the error so it isn't safe to say that ALL policies that include a store in the query won't work.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now