?
Solved

Move Exchange Server public folders for Windows SBS 2008 migration Problem

Posted on 2010-09-18
8
Medium Priority
?
1,408 Views
Last Modified: 2012-05-10
Following the MS instructions for migration from an SBS 2003 to SBS 2008 server:

http://technet.microsoft.com/en-us/library/cc527516%28WS.10%29.aspx

The Public Folder Instances node on the 2003 server has not emptied after 2 days. It does not appear to be replicating and there are no items visible on the 2007 server Public Folders. Combined Public folder size is minimal < 10MB
------------------------
Found the following application event logs on the 2003 server:
-----------------------------
Event Type:      Error
Event Source:      MSExchangeIS Public Store
Event Category:      Replication Errors
Event ID:      3093
Date:            19/09/2010
Time:            11:28:21 AM
User:            N/A
Computer:      SERVER
Description:
Error -2147221233 reading property 0x67480014 on object type tbtOwningFolders from database "First Storage Group\Public Folder Store (SERVER)".
-------------------------------------
Event Type:      Warning
Event Source:      MSExchangeIS Public Store
Event Category:      Access Control
Event ID:      1030
Date:            19/09/2010
Time:            11:36:37 AM
User:            N/A
Computer:      SERVER
Description:
 failed an operation on folder /O=%domain%/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=SYSTEM CONFIGURATION00ECAA8849263BBF84F9FB92F84E278EFF0000 on database "First Storage Group\Public Folder Store (SERVER)" because the user did not have the following access rights:

'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'

The entry ID of the folder is in the data section of this event.
------------------------------------------------------------
Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9624
Date:            19/09/2010
Time:            11:36:36 AM
User:            N/A
Computer:      SERVER
Description:
The legacyDN /o=%domain%/ou=first administrative group/cn=Recipients/cn=%username% will not be returned because the object is a disabled user and the entry in the ACL is not for the master account sid.  Permissions for this user may be displayed as NTUSER:DOMAIN\USER.
----------------------------------------------
Exchange Best Practices Analyzer found the following problem
Missing FQDN in service principal name
The computer account for Exchange server server.%domain%.local does not appear to contain the fully-qualified domain name of Exchange SMTP virtual server 'Default SMTP Virtual Server'. This may cause Kerberos authentication to fail when sending messages between servers. The tool expected to find 'SMTPSVC/server.%domain%.com' in the 'servicePrincipalName'.
Tried following the instructions and this was the command output on the 2003 server:
C:\Program Files\Support Tools>setspn.exe -a SMTPSVC/server.%domain%.local
RVER
Registering ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=ALICE
call,DC=local
        SMTPSVC/server.%domain%.local
Updated object

C:\Program Files\Support Tools>setspn -L server
Registered ServicePrincipalNames for CN=SERVER,OU=Domain Controllers,DC=%domain%,DC=local:
    MSSQLSvc/server.%domain%.local
    MSSQLSvc/server.%domain%.local:1438
    exchangeMDB/server.%domain%.local
    exchangeMDB/SERVER
    exchangeRFR/server.%domain%.local
    exchangeRFR/SERVER
    exchangeAB/SERVER
    exchangeAB/server.%domain%.local
    SMTPSVC/SERVER
    SMTPSVC/server.%domain%.local
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/server.%domain%.local
    ldap/server.%domain%.local/ForestDnsZones.%domain%.local
    GC/server.%domain%.local/%domain%.local
    HOST/server.%domain%.local/%domain%
    HOST/SERVER
    HOST/server.%domain%.local
    HOST/server.%domain%.local/%domain%.local
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/1b774f4c-42fd-4759-9250-cca435eec654/
ICEMccall.local
    ldap/1b774f4c-42fd-4759-9250-cca435eec654._msdcs.%domain%.local
    ldap/server.%domain%.local/%domain%
    ldap/SERVER
    ldap/server.%domain%.local
    ldap/server.%domain%.local/DomainDnsZones.%domain%.local
    ldap/server.%domain%.local/%domain%.local
    DNS/server.%domain%.local
-----------------------------
Re-running the Exchange Analyzer re-identifies the same issue again so i may need to do something different with the setspn command
-------------------------------
NOT: For privacy reasons i've replaced the actual domain name with %domain% and the actual username with %username%
-------------------------------------
Any help on this would be greatly appreciated as my weekend has just disappeared into bytes.
0
Comment
Question by:techsoltsg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 3

Expert Comment

by:arweeks
ID: 33710078
I did the same migration a while ago, the public folders had issues,   My result was just to delete the public folder store on the 2007 box and recreate a new one.  Exchange doesn't like doing this, so I had to do it in ADSI edit in the end.  

Is it possible just to export the public folders and reimport them on the 2007 box, or some similar work around?  I wouldn't worry too much about all the errors on the 2003 box, unless you're planning on keeping it.  If the new environment is working well then Id just look for the quickest way to get the PF's across and remove the old 2003.  A backup / restore via tape should work as well.
0
 
LVL 5

Accepted Solution

by:
sosinc3 earned 1500 total points
ID: 33710278
The article leaves out that you have to have proper permissions for the account you are doing the migration with and the system account on both mail stores for this to work. However if the folders are less than 10 MB like you stated, it would be easier to just login to the old server with an Outlook client, export the public folders to a PST file, then open that PST file on a machine that has access to the 2008 mail store and import the folders/data. Downside to this is that permissions will not come across. Also, I do this almost every weekend and almost always the culprit is is one of the two problems listed in this article http://blogs.technet.com/b/11/archive/2009/01/28/unable-to-migrate-public-folders-from-sbs-2003-to-sbs-2008-or-ebs.aspx which is either the anonymous login is disabled on the old virtual server or that smart host forwarding is used.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33711509
I forgot to mention in my last post that if you change either or both of the things stated, you will then need to wait at least a day or two for the replication to finish again. Replication is really slow.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:techsoltsg
ID: 33713598
Hi
I've tried both the Standard domain administrator account and a copied domain administrator account to move the folders.
I pushed ahead and moved the mail databases to the new server but the following issues have arisen so I don't think i can just push ahead and get rid of the old server yet:
* Outlook 2003 clients working ok but get 0x8004010F errors when manually sending/receiving - which appears to be a problem with the offline address book.
* Exchange Clients using Outlook web access such as MS Entourage and Iphone can no longer communicate with server.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33726674
Did you check the settings I sent you last? Your new issues really are not part of this conversation and you should open up a new ticket for those. It is not fair to ask one question and then morph that in to something else. I hope you understand. Just as a note, domain admin account usually does not have the right for migration. You need to create a user specifically for migration with the rights that microsoft states in the SBS2003 to SBS2008 migration document.
0
 

Author Comment

by:techsoltsg
ID: 33732945
Public Folders moved across finally. Tried a number of things so not really sure which one worked.
I think it was either a whole lot of accounts were disabled on the old server so re-enabled them or correction of FQDM on delivery tab. Giving this one to sosinc3.
thank you
0
 

Author Closing Comment

by:techsoltsg
ID: 33732961
thanks
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33735114
The correction o the FQDM is what did it for you. Disabled user accounts don't affect public folders.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question