Solved

Move Exchange Server public folders for Windows SBS 2008 migration Problem

Posted on 2010-09-18
8
1,380 Views
Last Modified: 2012-05-10
Following the MS instructions for migration from an SBS 2003 to SBS 2008 server:

http://technet.microsoft.com/en-us/library/cc527516%28WS.10%29.aspx

The Public Folder Instances node on the 2003 server has not emptied after 2 days. It does not appear to be replicating and there are no items visible on the 2007 server Public Folders. Combined Public folder size is minimal < 10MB
------------------------
Found the following application event logs on the 2003 server:
-----------------------------
Event Type:      Error
Event Source:      MSExchangeIS Public Store
Event Category:      Replication Errors
Event ID:      3093
Date:            19/09/2010
Time:            11:28:21 AM
User:            N/A
Computer:      SERVER
Description:
Error -2147221233 reading property 0x67480014 on object type tbtOwningFolders from database "First Storage Group\Public Folder Store (SERVER)".
-------------------------------------
Event Type:      Warning
Event Source:      MSExchangeIS Public Store
Event Category:      Access Control
Event ID:      1030
Date:            19/09/2010
Time:            11:36:37 AM
User:            N/A
Computer:      SERVER
Description:
 failed an operation on folder /O=%domain%/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=SYSTEM CONFIGURATION00ECAA8849263BBF84F9FB92F84E278EFF0000 on database "First Storage Group\Public Folder Store (SERVER)" because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The entry ID of the folder is in the data section of this event.
------------------------------------------------------------
Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9624
Date:            19/09/2010
Time:            11:36:36 AM
User:            N/A
Computer:      SERVER
Description:
The legacyDN /o=%domain%/ou=first administrative group/cn=Recipients/cn=%username% will not be returned because the object is a disabled user and the entry in the ACL is not for the master account sid.  Permissions for this user may be displayed as NTUSER:DOMAIN\USER.
----------------------------------------------
Exchange Best Practices Analyzer found the following problem
Missing FQDN in service principal name
The computer account for Exchange server server.%domain%.local does not appear to contain the fully-qualified domain name of Exchange SMTP virtual server 'Default SMTP Virtual Server'. This may cause Kerberos authentication to fail when sending messages between servers. The tool expected to find 'SMTPSVC/server.%domain%.com' in the 'servicePrincipalName'.
Tried following the instructions and this was the command output on the 2003 server:
C:\Program Files\Support Tools>setspn.exe -a SMTPSVC/server.%domain%.local
RVER
Registering ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=ALICE
call,DC=local
        SMTPSVC/server.%domain%.local
Updated object

C:\Program Files\Support Tools>setspn -L server
Registered ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=%domain%,DC=local:
    MSSQLSvc/server.%domain%.local
    MSSQLSvc/server.%domain%.local:1438
    exchangeMDB/server.%domain%.local
    exchangeMDB/SERVER
    exchangeRFR/server.%domain%.local
    exchangeRFR/SERVER
    exchangeAB/SERVER
    exchangeAB/server.%domain%.local
    SMTPSVC/SERVER
    SMTPSVC/server.%domain%.local
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/server.%domain%.local
    ldap/server.%domain%.local/ForestDnsZones.%domain%.local
    GC/server.%domain%.local/%domain%.local
    HOST/server.%domain%.local/%domain%
    HOST/SERVER
    HOST/server.%domain%.local
    HOST/server.%domain%.local/%domain%.local
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/1b774f4c-42fd-4759-9250-cca435eec654/
ICEMccall.local
    ldap/1b774f4c-42fd-4759-9250-cca435eec654._msdcs.%domain%.local
    ldap/server.%domain%.local/%domain%
    ldap/SERVER
    ldap/server.%domain%.local
    ldap/server.%domain%.local/DomainDnsZones.%domain%.local
    ldap/server.%domain%.local/%domain%.local
    DNS/server.%domain%.local
-----------------------------
Re-running the Exchange Analyzer re-identifies the same issue again so i may need to do something different with the setspn command
-------------------------------
NOT: For privacy reasons i've replaced the actual domain name with %domain% and the actual username with %username%
-------------------------------------
Any help on this would be greatly appreciated as my weekend has just disappeared into bytes.
0
Comment
Question by:techsoltsg
  • 4
  • 3
8 Comments
 
LVL 3

Expert Comment

by:arweeks
ID: 33710078
I did the same migration a while ago, the public folders had issues,   My result was just to delete the public folder store on the 2007 box and recreate a new one.  Exchange doesn't like doing this, so I had to do it in ADSI edit in the end.  

Is it possible just to export the public folders and reimport them on the 2007 box, or some similar work around?  I wouldn't worry too much about all the errors on the 2003 box, unless you're planning on keeping it.  If the new environment is working well then Id just look for the quickest way to get the PF's across and remove the old 2003.  A backup / restore via tape should work as well.
0
 
LVL 5

Accepted Solution

by:
sosinc3 earned 500 total points
ID: 33710278
The article leaves out that you have to have proper permissions for the account you are doing the migration with and the system account on both mail stores for this to work. However if the folders are less than 10 MB like you stated, it would be easier to just login to the old server with an Outlook client, export the public folders to a PST file, then open that PST file on a machine that has access to the 2008 mail store and import the folders/data. Downside to this is that permissions will not come across. Also, I do this almost every weekend and almost always the culprit is is one of the two problems listed in this article http://blogs.technet.com/b/11/archive/2009/01/28/unable-to-migrate-public-folders-from-sbs-2003-to-sbs-2008-or-ebs.aspx which is either the anonymous login is disabled on the old virtual server or that smart host forwarding is used.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33711509
I forgot to mention in my last post that if you change either or both of the things stated, you will then need to wait at least a day or two for the replication to finish again. Replication is really slow.
0
 

Author Comment

by:techsoltsg
ID: 33713598
Hi
I've tried both the Standard domain administrator account and a copied domain administrator account to move the folders.
I pushed ahead and moved the mail databases to the new server but the following issues have arisen so I don't think i can just push ahead and get rid of the old server yet:
* Outlook 2003 clients working ok but get 0x8004010F errors when manually sending/receiving - which appears to be a problem with the offline address book.
* Exchange Clients using Outlook web access such as MS Entourage and Iphone can no longer communicate with server.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 5

Expert Comment

by:sosinc3
ID: 33726674
Did you check the settings I sent you last? Your new issues really are not part of this conversation and you should open up a new ticket for those. It is not fair to ask one question and then morph that in to something else. I hope you understand. Just as a note, domain admin account usually does not have the right for migration. You need to create a user specifically for migration with the rights that microsoft states in the SBS2003 to SBS2008 migration document.
0
 

Author Comment

by:techsoltsg
ID: 33732945
Public Folders moved across finally. Tried a number of things so not really sure which one worked.
I think it was either a whole lot of accounts were disabled on the old server so re-enabled them or correction of FQDM on delivery tab. Giving this one to sosinc3.
thank you
0
 

Author Closing Comment

by:techsoltsg
ID: 33732961
thanks
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33735114
The correction o the FQDM is what did it for you. Disabled user accounts don't affect public folders.
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now