Solved

Move Exchange Server public folders for Windows SBS 2008 migration Problem

Posted on 2010-09-18
Last Modified: 2012-05-10
Following the MS instructions for migration from an SBS 2003 to SBS 2008 server:

http://technet.microsoft.com/en-us/library/cc527516%28WS.10%29.aspx

The Public Folder Instances node on the 2003 server has not emptied after 2 days. It does not appear to be replicating and there are no items visible on the 2007 server Public Folders. Combined Public folder size is minimal < 10MB
------------------------
Found the following application event logs on the 2003 server:
-----------------------------
Event Type:      Error
Event Source:      MSExchangeIS Public Store
Event Category:      Replication Errors
Event ID:      3093
Date:            19/09/2010
Time:            11:28:21 AM
User:            N/A
Computer:      SERVER
Description:
Error -2147221233 reading property 0x67480014 on object type tbtOwningFolders from database "First Storage Group\Public Folder Store (SERVER)".
-------------------------------------
Event Type:      Warning
Event Source:      MSExchangeIS Public Store
Event Category:      Access Control
Event ID:      1030
Date:            19/09/2010
Time:            11:36:37 AM
User:            N/A
Computer:      SERVER
Description:
 failed an operation on folder /O=%domain%/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=SYSTEM CONFIGURATION00ECAA8849263BBF84F9FB92F84E278EFF0000 on database "First Storage Group\Public Folder Store (SERVER)" because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The entry ID of the folder is in the data section of this event.
------------------------------------------------------------
Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9624
Date:            19/09/2010
Time:            11:36:36 AM
User:            N/A
Computer:      SERVER
Description:
The legacyDN /o=%domain%/ou=first administrative group/cn=Recipients/cn=%username% will not be returned because the object is a disabled user and the entry in the ACL is not for the master account sid.  Permissions for this user may be displayed as NTUSER:DOMAIN\USER.
----------------------------------------------
Exchange Best Practices Analyzer found the following problem
Missing FQDN in service principal name
The computer account for Exchange server server.%domain%.local does not appear to contain the fully-qualified domain name of Exchange SMTP virtual server 'Default SMTP Virtual Server'. This may cause Kerberos authentication to fail when sending messages between servers. The tool expected to find 'SMTPSVC/server.%domain%.com' in the 'servicePrincipalName'.
Tried following the instructions and this was the command output on the 2003 server:
C:\Program Files\Support Tools>setspn.exe -a SMTPSVC/server.%domain%.local
RVER
Registering ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=ALICE
call,DC=local
        SMTPSVC/server.%domain%.local
Updated object

C:\Program Files\Support Tools>setspn -L server
Registered ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=%domain%,DC=local:
    MSSQLSvc/server.%domain%.local
    MSSQLSvc/server.%domain%.local:1438
    exchangeMDB/server.%domain%.local
    exchangeMDB/SERVER
    exchangeRFR/server.%domain%.local
    exchangeRFR/SERVER
    exchangeAB/SERVER
    exchangeAB/server.%domain%.local
    SMTPSVC/SERVER
    SMTPSVC/server.%domain%.local
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/server.%domain%.local
    ldap/server.%domain%.local/ForestDnsZones.%domain%.local
    GC/server.%domain%.local/%domain%.local
    HOST/server.%domain%.local/%domain%
    HOST/SERVER
    HOST/server.%domain%.local
    HOST/server.%domain%.local/%domain%.local
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/1b774f4c-42fd-4759-9250-cca435eec654/
ICEMccall.local
    ldap/1b774f4c-42fd-4759-9250-cca435eec654._msdcs.%domain%.local
    ldap/server.%domain%.local/%domain%
    ldap/SERVER
    ldap/server.%domain%.local
    ldap/server.%domain%.local/DomainDnsZones.%domain%.local
    ldap/server.%domain%.local/%domain%.local
    DNS/server.%domain%.local
-----------------------------
Re-running the Exchange Analyzer identifies the same issue again, so I may need to do something different with the setspn command.
-------------------------------
NOTE: For privacy reasons I've replaced the actual domain name with %domain% and the actual username with %username%
-------------------------------------
Any help on this would be greatly appreciated as my weekend has just disappeared into bytes.
0
Question by:techsoltsg
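
A check for the Best Practices Analyzer finding quoted in the question, as an added example that is not part of the original thread: it parses `setspn -L` output and reports whether the SPN for the SMTP virtual server's FQDN is registered, and which hosts are registered for that service class instead. The sample listing and the `example.local` / `example.com` names are constructed placeholders standing in for the redacted domain.

```python
# Constructed sample modelled on the `setspn -L` listing in the question;
# "example" stands in for the redacted domain name.
SAMPLE_SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=example,DC=local:
    MSSQLSvc/server.example.local:1438
    exchangeMDB/server.example.local
    exchangeMDB/SERVER
    SMTPSVC/SERVER
    SMTPSVC/server.example.local
    HOST/SERVER
    HOST/server.example.local
    ldap/server.example.local/example.local
"""


def parse_spns(listing):
    """Return (service_class, host, rest) tuples from `setspn -L` output."""
    spns = []
    for line in listing.splitlines():
        # SPN entries are indented; the header line and any fragments left
        # by console line wrapping start in column 0 and are skipped.
        if not line[:1].isspace():
            continue
        entry = line.strip()
        if "/" not in entry:
            continue
        service, _, remainder = entry.partition("/")
        host, _, rest = remainder.partition("/")
        host = host.split(":")[0]  # drop an optional :port suffix
        spns.append((service.lower(), host.lower(), rest))
    return spns


def check_spn(listing, service, fqdn):
    """Report whether service/fqdn is registered (SPNs compare case-insensitively)."""
    want_service = service.lower()
    want_host = fqdn.lower().rstrip(".")
    hosts = sorted({h for s, h, _ in parse_spns(listing) if s == want_service})
    return {
        "expected": f"{service}/{fqdn}",
        "registered": want_host in hosts,
        "other_hosts": [h for h in hosts if h != want_host],
    }


if __name__ == "__main__":
    # The analyzer expected the .com name; only .local and short names exist.
    print(check_spn(SAMPLE_SETSPN_OUTPUT, "SMTPSVC", "server.example.com"))
```
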
 
LVL 3

Expert Comment

by:arweeks
ID: 33710078
I did the same migration a while ago, and the public folders had issues. My result was just to delete the public folder store on the 2007 box and recreate a new one. Exchange doesn't like doing this, so I had to do it in ADSI Edit in the end.

Is it possible just to export the public folders and reimport them on the 2007 box, or some similar workaround? I wouldn't worry too much about all the errors on the 2003 box, unless you're planning on keeping it. If the new environment is working well then I'd just look for the quickest way to get the PFs across and remove the old 2003. A backup / restore via tape should work as well.
0
 
LVL 5

Accepted Solution

by:
sosinc3 earned 500 total points
ID: 33710278
The article leaves out that you have to have proper permissions for the account you are doing the migration with and the system account on both mail stores for this to work. However, if the folders are less than 10 MB like you stated, it would be easier to just log in to the old server with an Outlook client, export the public folders to a PST file, then open that PST file on a machine that has access to the 2008 mail store and import the folders/data. The downside to this is that permissions will not come across. Also, I do this almost every weekend and almost always the culprit is one of the two problems listed in this article http://blogs.technet.com/b/11/archive/2009/01/28/unable-to-migrate-public-folders-from-sbs-2003-to-sbs-2008-or-ebs.aspx which is either that the anonymous login is disabled on the old virtual server or that smart host forwarding is used.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33711509
I forgot to mention in my last post that if you change either or both of the things stated, you will then need to wait at least a day or two for the replication to finish again. Replication is really slow.
0
 

Author Comment

by:techsoltsg
ID: 33713598
Hi
I've tried both the standard domain administrator account and a copied domain administrator account to move the folders.
I pushed ahead and moved the mail databases to the new server, but the following issues have arisen, so I don't think I can just push ahead and get rid of the old server yet:
* Outlook 2003 clients are working OK but get 0x8004010F errors when manually sending/receiving, which appears to be a problem with the offline address book.
* Exchange clients using Outlook Web Access, such as MS Entourage and iPhone, can no longer communicate with the server.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33726674
Did you check the settings I sent you last? Your new issues really are not part of this conversation and you should open up a new ticket for those. It is not fair to ask one question and then morph that into something else. I hope you understand. Just as a note, the domain admin account usually does not have the right for migration. You need to create a user specifically for migration with the rights that Microsoft states in the SBS2003 to SBS2008 migration document.
0
 

Author Comment

by:techsoltsg
ID: 33732945
Public folders moved across finally. Tried a number of things, so not really sure which one worked.
I think it was either that a whole lot of accounts were disabled on the old server, so I re-enabled them, or the correction of the FQDN on the delivery tab. Giving this one to sosinc3.
Thank you
0
 

Author Closing Comment

by:techsoltsg
ID: 33732961
thanks
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33735114
The correction of the FQDN is what did it for you. Disabled user accounts don't affect public folders.
0

Question has a verified solution.
