Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Permissions inheritance block on Exchange Servers group object

Posted on 2012-08-11
21
Medium Priority
?
1,503 Views
Last Modified: 2012-08-12
Hi Guys,
I have 2 exchange 2003 sp2 servers in the same site\admin group. I'm trying to replicate public folder content to another server, recently recovered via the /disasterrecovery switch.

Now all mailboxes and the original public folder store is fine. RUS seems ok because i can create new accounts and mailboxes, and access them fine.

Howerver, i don't think public folder contect is working. The top level and sub level folders have been created, but as yet no content has arrived.

I ran an exchange health (BPA) scan and it reports the following error:

Permissions inheritance block on Exchange Domain Servers group object

Access control list (ACL) inheritance is blocked for the Exchange Domain Servers group object in domain 'bsimerch.local' (CN=Exchange Domain Servers,CN=Users,DC=bsimerch,DC=local). This may cause mail flow problems, recipient update service failures and other service outages. Use the Active Directory Users and Computers program to re-enable inheritance on this object.

Now i did take a look at the tell me more and looked at

http://support.microsoft.com/?kbid=254030
These symtoms are not happening to me. I can create new mailboxes ok on either server and they get stamped with the relevent information.

Help!
0
Comment
Question by:dlloyd37
  • 11
  • 8
  • 2
21 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38283970
Can you tell what is the exact error ... are you having problems with unable to replicate data from One Server to another ?

- Rancy
0
 

Author Comment

by:dlloyd37
ID: 38284095
Hi Rancy,
Good to hear from you dude.  This is the error i have in my application event log.

I also created a new public folder called Test


Error -2147221233 reading property 0x674b0014 on object type tbtMsgFolder from database "First Storage Group\Public Folder Store (BACKSTREET1)".


The public folders with the content are on a the other exchange server. I have managed to replicate the folder tree but i have had no content come accross. However, I created a new top level public folder called test and posted into it. Set it to replicate and it seems to work.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38284113
Perfect check if any other PF folder already on the other server has this new PF Database in the Replication ... if so we might need to use PFDavAdmin to try and add the new PF database to all PF folders as replica.

- Rancy
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 33

Assisted Solution

by:Exchange_Geek
Exchange_Geek earned 200 total points
ID: 38284127
It is always recommended to clean ExBPa from its published warning and errors.

Now, to talk about your issue. Open Exchange System Manager - Right click on your Organization and select Start Public, you can select Send content / hierarcy, more over also check on Org right click, do you find an option to start replication.

Regards,
Exchange_Geek
0
 

Author Comment

by:dlloyd37
ID: 38284131
how do i check that Randy?

Not sure what you mean, the structure has replicated i think, as i can see all the folders on both servers. I'm using ESM > folder properites and switching between servers. One shows the content, the other shows only the folders without content.
0
 

Author Comment

by:dlloyd37
ID: 38284153
The only option by right clicking my organisation object is to "stop public folder content replication"
0
 

Author Comment

by:dlloyd37
ID: 38284225
another thing i noticed is that if i run the ESM from the server that hosts the public folders with the content in, i can't veiw any of the contents through esm.

If i go to the the other exchange server and run up ESM and connect over to the public folders server, via the folder properties i can. I have to supply the domain username and password though. Some low level folders give accessed denied though.

Any ideas?
0
 

Author Comment

by:dlloyd37
ID: 38284523
ok guys, another thing i have noticed. If i load up ESM on the member server (second Exchange installation i'm trying to get content to) and checking the public folder permissions, via Server name>first storage group>public folder store, i find that the permissions differ on one of the servers.

Public folder Store (backstreet1) properties shows that the exchange domian servers have all their boxes ticked and greyed out.

If i do the same on Public folder store (gooner) only the read, execute and read permissions are set and greyed out. If i look under advanced i can see Exchange domain servers has a deny along with domain admins, enterprise admins, administrator etc.

This seem to focus around send and recieve as etc.
0
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 1800 total points
ID: 38284524
What you see is the Hierarchy and it replicates by default .... for Content to replicate you need to go into properties of one PF -> go to replication tab and see if the other PF store is listed if yes or no .... remove hit ok wait for few minutes, go back add and set the replication to always run and hit ok and wait for sometime to allow replication.

There is no option from Org level to force content or force replication :(

- Rancy
0
 

Author Comment

by:dlloyd37
ID: 38284550
so then i would go back to ESM and go to folder properties > public folder store. Connect to the one with content and select properties on one of the top level folders (in my case "client Emails"). Click the replication tab and remove the other exchange server. Then add it back and wait for a bit?

Thanks...its appreciated, my head hurts :(

David
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38284557
You got it !!

I know its really difficult to work this way .... kind of post wait and re-post and keep checking :(

- Rancy (Profile)
0
 

Author Comment

by:dlloyd37
ID: 38284583
Thanks m8...i've done that on a few top level folders.

One other thing, i have a toplevel PF folder with litrally thoasands of subfolders, each one has the other exchange server listed in the replication tab. When i remove and re-add on the root folder will that propogate down through these subfolders? It will take some serious time to do these one by one....Is that where PFadmin is useful?


I have left this till last until i can confirm i can replicate the smaller ones first.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38284592
Might not .... i can work with PFDavAdmin .... really want to you check and play with few in the starting and then "All at the rest" !!

But note one thing moving huge data across servers can cause PF storm and can take down everything :(

Microsoft Exchange Server Public Folder DAV-based Administration Tool
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=22427

Microsoft Exchange Server Public Folder DAV-based Administration Tool
http://technet.microsoft.com/en-us/library/bb508858%28v=EXCHG.65%29.aspx

PFDavAdmin tool (Part 2) Check this out
http://www.msexchange.org/articles/PFDavAdmin-tool-Part2.html

- Rancy
0
 

Author Comment

by:dlloyd37
ID: 38284603
Thanks m8, that's some great info there...

This is why i wanted to test the other folders first, they are small toplevel folders with a few bit of info in.

The top level folder i'm really interested in is has approx 40GB of information stored within thoasands of subfolders. This is the one i really need to make available to users. As thier mailboxes all reside on the non replicated server they cannot see the contents. Where as if their mailbox is on the other server they can...

I'll leave this now and check in the morning and see if anything has replicated. Thanks again
for your help..

David
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38284610
Look maybe a Top folder or entire PF is 40GB but you will have some Top level Pf's and Sub-PF's ..... so we need to try and work with one or few Data at a time and you can always keep a track of data checking the size of the PF database on the other server :)

- Rancy
0
 

Author Comment

by:dlloyd37
ID: 38284616
Yeah...i have just removed and re-added the server on those small top level folders for now.

I'll sleep on it as its now 3am and feeling a bit tired.

I'll check in the morning
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38284630
Woops .... TC and have a nice sleep !!

- Rancy
0
 

Author Comment

by:dlloyd37
ID: 38285156
hey guys,
I just woke up and am checking the server and replication looks like content is coming accross, i was only expecting those folders i chose, however, it looks like everything is now coming accross.....800 messages in the local delivery queue and falling. Both public folder stores now have content.

looking at the pub.edb file its gone from a few meg to over 9GB and climbing as a watch it.

i'll keep my eye on it..
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38285187
Awesome :)

Regards,
Exchange_Geek
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38285453
Good to hear that !! Now you can relax and just wait for it to complete :)

- Rancy
0
 

Author Closing Comment

by:dlloyd37
ID: 38285501
Excellent guidence and patience show again.

Thanks guys, your amazing!

I'm sure i'll be back with more trouble soon!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This video discusses moving either the default database or any database to a new volume.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question