?
Solved

MAPIMailbox::MAPIMailbox - OpenMsgStore (0x8004011d) failed

Posted on 2009-12-19
15
Medium Priority
?
9,271 Views
Last Modified: 2012-05-08
A single blackberry user has the following error in my event viewer for the BES Server

{first.last@domain.com} MAPIMailbox::MAPIMailbox - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=CompanyName/ou=First Administrative Group/cn=Recipients/cn=first.last, ServerDN=/o=CompanyName/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE/cn=Microsoft Private MDB

User first last not started

I see the problem here ou=First Administrative Group was where the old exchange server was and ou=Exchange Administrative Group is where the new exchange server is.

I upgraded from Exchange 2003 to Exchange 2010, also upgraded BES from 4.1 to 5.0.1 MR1

How do I fix this issue?
0
Comment
Question by:TestMonkey
  • 8
  • 7
15 Comments
 
LVL 19

Expert Comment

by:-jonny-
ID: 26090919
Run the handheldcleanup.exe utility, located in c:\program files\research in motion\blackberry enterprise server\tools

use the -u switch and it will scan each user's mailbox and correct the wrong exchange server information.
0
 
LVL 1

Author Comment

by:TestMonkey
ID: 26091177
MAPILogonEx() failed (80040111)

:(

Error i got when running

This is BES 5.0.1 MR1 and Exchange 2010
0
 
LVL 19

Expert Comment

by:-jonny-
ID: 26091182
Ok have you followed the instructions and downloaded the correct mapicdo package listed here:

http://na.blackberry.com/eng/services/server/exchange/2010support.jsp

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Author Comment

by:TestMonkey
ID: 26091183
Yeapers, 100s of users are working fine, its just this one complaining
0
 
LVL 19

Expert Comment

by:-jonny-
ID: 26091209
Did you keep the same besadmin account and migrate that across? or a new one for 2010?

Have you tried reloading the user? or deleting/re-adding them? I know it's not ideal as the user will need to wipe their handheld and re-activate but that should reset the correct mailbox for the user.
0
 
LVL 1

Author Comment

by:TestMonkey
ID: 26091214
Yes, did the reset of the specific user in question and still the same error.  Whats weird is their BB works perfect, i just need to get rid of the error because I have MoM setup to pickup on such errors (every 9/10 minutes it sends an alarm)

yes there are two BESAdmin accounts, one called Blackberry which is the new one and an oldone called BESAdmin

All other users have both on their accounts and have zero issues and no errors

Send as and receive have been checked, did the advanced and propegate child permissions
0
 
LVL 1

Author Comment

by:TestMonkey
ID: 26091230
I see the problem here ou=First Administrative Group was where the old exchange server was and ou=Exchange Administrative Group is where the new exchange server is.

ou=First Administrative Group still exists in AD but nothing should be associated with it, reviewing the BBUser accounts, this is the only one that is pointing to the old exchange organization
0
 
LVL 19

Expert Comment

by:-jonny-
ID: 26091240
Yep, was just about to say that exchange has stored both ou's for the user hence the error. Has the old exchange server been decommissioned? If exchange can be updated so that the old server information isn't reflected in the user's AD profile then you shouldn't receive any more errors.
0
 
LVL 1

Author Comment

by:TestMonkey
ID: 26091245
old exchange is now a virtual machine host lol

any other way to fix it?
0
 
LVL 19

Expert Comment

by:-jonny-
ID: 26091255
I'm sure there's some way of manually modifying exchange but unfortunately I don't know how to do so in exchange 2010.
0
 
LVL 1

Author Comment

by:TestMonkey
ID: 26112343
Found two issues

One, the admin account i have is blackkberry server, and my mapi profile is simply blackberryserver, cant add the space, this doesnt stop me from actually activating users though, just keeps me from running the utilities and they cannot connect to the message store

Now Im noticing that some users need to have their permissions updated on the DC, send as for the besadmin but they only work once i make the changes and reboot both the exchange and the bes server
0
 
LVL 19

Expert Comment

by:-jonny-
ID: 26112642
Ok for your first issue you can rename your service account - just make sure that you change all the "Log on" properties for the blackberry services in the services control panel (except for those listed as using a local system account).

You'll also need to modify the local security policy to allow that user account to "Log on as service" as well as "log on locally".

You'll need to reboot afterwards for this to take effect, and don't forget about domain/AD propagation of the details and any potential delays.

For the second issue, make sure the besadmin account (or the other blackberry account) isn't a member of domain admins or any "protected" group. If so, exchange will automatically revoke send-as permissions.
If the issue pertains only to a certain number of users (i.e. not the entire blackberry estate) then see if those affected users are part of the Account operators group. If so, are you able to remove them from that group? certain user group memberships revoke permissions for other accounts for security reasons.
0
 
LVL 1

Author Comment

by:TestMonkey
ID: 26114660
Actually the BES Admin account is a memory of domain administrators, not sure why that happened as i folled the guide to a t, well except for the fact i had a name with a space but i see nowhere in the doc it says I cant do this lol
0
 
LVL 19

Assisted Solution

by:-jonny-
-jonny- earned 2000 total points
ID: 26116338
Ahhh! When 4.1 first came out it was fine to have besadmin as a domain admin and made it easier when it came to local server permissions.
However MS released a hotfix I think when 4.1.4 was about that revoked the Send As permissions for protected accounts as it was deemed a security risk, hence why none of the docs for 4.1 have the "must not be a member of domain admin group" in there.

It should be in the docs for 5.0.1 though. Has that resolved your issues?
0
 
LVL 1

Accepted Solution

by:
TestMonkey earned 0 total points
ID: 26120161
Jonny

All fixed, it was a connections thing, what bothered me about permissions is that on my own user id and nearly 200 others, you cant find the blackberry admin users anywhere, under advanced notta and we work flawlessly

Others have permissions that I can view and they work etc

In 5.0.1 i think putting the permissions at the Info Store level and giving it view only creds does everything

http://docs.blackberry.com/en/admin/deliverables/12142/Disable_client_throttling_Exchange_10_963026_11.jsp

Theres what cleared up all my issues
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question