Solved

Running Exmerge on Exchange 2003 SP3 and Windows 2003 SP 2

Posted on 2009-05-18
13
313 Views
Last Modified: 2012-05-07
Hi,
I created a new user to use with Exmerge. I gave that user admin rights as well as domain rights.
I then created a security group and placed that user in it.
I delegated control to the group and gave the group full rights at the Store level.
As per Microsoft:  http://support.microsoft.com/kb/292509

However, two strange things are happening.

1. When I log on as that user, I get an error message when trying to retrieve the list of users in ExMerg ("Error getting list of private information store databases on server."). When I launch ESM as that user, I can't see the database. This tells me I must have a permission issue someplace but I can't figure out where.  Any ideas?

2. After I was done experimenting with this, I right clicked on the new user I created and disabled it. Then the next morning some error messages in my Application Log:  ID 1058:
"Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=crd,DC=lcl. The file must be present at the location <\\crd.lcl\sysvol\crd.lcl\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted."
Also an error in my   System log: ID 40960: "The Security System detected an authentication error for the server cifs/crd.lcl.  The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to.
 (0xc0000072)".

Are these error messages because I disabled the user. It appears as though that's the case but I don't know why.


Thanks,
Mike


0
Comment
Question by:michaelshavel
  • 5
  • 5
  • 3
13 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 24411166
have you tried to restart the information store after assigning the permission ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24411229
If the account that we are using is a member of other groups and they have deny for SendAs and ReceiveAs this would be a problem. For that you cantry creating a user who is a member of no group rather then the default one, then give it Exchange Full admin and also give it rights on the ORg as full control and verify that they get to the store level. Once that is done you can try running the Exmerge with the option of RunAs and use this new account. For the info about the disabled account it would have an Event 9548 for the disabled account.
This event says that it cannot access a share and find a GPT file
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=crd,DC=lcl. The file must be present at the location <\\crd.lcl\sysvol\crd.lcl\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
Also in this event i see refernce to the same server
System log: ID 40960: "The Security System detected an authentication error for the server cifs/crd.lcl.  
0
 
LVL 1

Author Comment

by:michaelshavel
ID: 24411666
Akhater --

No I didn't restart the store. Is this necessary?
I will give it a try.

0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24411716
You can try once
0
 
LVL 1

Author Comment

by:michaelshavel
ID: 24411989
Rancy --
The thing is that I need to run all of this remotely, as this server is hosted as at a hosting company. I can't physically sit down in front of it, that's why I included it as part of the admin group (The Admin group is the only one who can log on remotely I believe)
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24412302
yeah. ohk but as i said that if its a member of XYZ and that group has deny for SendAs and ReceiveAs then it would take the presedence. So you might have to have a look at this and if possible you can take PST from Outlook cache user but this would be a manual process.
0
 
LVL 1

Author Comment

by:michaelshavel
ID: 24412399
Ok.

Question:
All I really need it to use ExMerge to import some contacts from a .pst file,  into a users account (they use OWA, not Outlook).
Is there ANY way I can just do this as the Admin user?  Can I give the Admin user permission to do this on a specific box and then take that permission away when I'm done?
 This is very frustrating.
Thanks
Mike
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24413297
You need to restart the information store for the permissions to be applied

and yes you can give the administrator permissions on the mailbox and use it
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24413423
here is for the administrator question

http://support.microsoft.com/kb/823143
0
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 500 total points
ID: 24418679
Yes you can add the Admin account and give it full control on those set of account with Full Control.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 24440211
Hello michaelshavel any update on the status of the issue ?
0
 
LVL 1

Author Comment

by:michaelshavel
ID: 24441115
Rancy,

Resolution:
I was able to add the Admin group directly to each user, then just click "Full Control". Then I could run ExMerge on that user, as Admin, with no problem at all.  This was by far the simplest way for me to do this.

As for the "Windows can't access gpt.ini" error message in my Application log, that went away when I stopped trying to jump through hoops giving a new user correct access to run ExMerge. I'm sure it had to do with me trying to make this work.

Thanks for the help.  You get the points for your suggestions and for sticking with me.

Mike
0
 
LVL 1

Author Closing Comment

by:michaelshavel
ID: 31583926
Rancy,

Resolution:
I was able to add the Admin group directly to each user, then just click "Full Control". Then I could run ExMerge on that user, as Admin, with no problem at all.  This was by far the simplest way for me to do this.

As for the "Windows can't access gpt.ini" error message in my Application log, that went away when I stopped trying to jump through hoops giving a new user correct access to run ExMerge. I'm sure it had to do with me trying to make this work.

Thanks for the help.  You get the points for your suggestions and for sticking with me.

Mike
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now