Unable to move Exchange 2003 mailbox to Exchange 2010 mailstore - Unable to make connection to the server

Hi,

I am currently upgrading a client who is running on Exchange 2003 SP2 (hosted in a hyper V VM) to Exchange 2010 SP1 (hosted on a VMWARE VM).

Exchange 2003 - BETA
Exchange 2010 - THETA

The 2010 install went as planned and I have confirmed routing group connector on System Manager on BETA. I am also able to see all mailboxes on BETA store via EMC on Exchange 2010.

I am unable to move any mailboxes on BETA store to THETA store. This is the error I am getting via local move request on exchange 2010.

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:01


Administrator
Failed

Error:
MapiExceptionNoAccess: Unable to make connection to the server. (hr=0x80070005, ec=-2147024891)
Diagnostic context:
    ......
    Lid: 16280   dwParam: 0x5        Msg: EEInfo: ComputerName: n/a
    Lid: 8600    dwParam: 0x5        Msg: EEInfo: ProcessID: 2200
    Lid: 12696   dwParam: 0x5        Msg: EEInfo: Generation Time: 2013-09-29 22:37:38:670
    Lid: 10648   dwParam: 0x5        Msg: EEInfo: Generating component: 2
    Lid: 14744   dwParam: 0x5        Msg: EEInfo: Status: 5
    Lid: 9624    dwParam: 0x5        Msg: EEInfo: Detection location: 701
    Lid: 13720   dwParam: 0x5        Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x5        Msg: EEInfo: NumberOfParameters: 2
    Lid: 12952   dwParam: 0x5        Msg: EEInfo: prm[0]: Long val: 9
    Lid: 12952   dwParam: 0x5        Msg: EEInfo: prm[1]: Long val: 0
    Lid: 59505   StoreEc: 0x80070005
    Lid: 52465   StoreEc: 0x80070005
    Lid: 60065  
    Lid: 33777   StoreEc: 0x80070005
    Lid: 59805  
    Lid: 52209   StoreEc: 0x80070005
    Lid: 56583  
    Lid: 52487   StoreEc: 0x80070005
    Lid: 19778  
    Lid: 27970   StoreEc: 0x80070005
    Lid: 17730  
    Lid: 25922   StoreEc: 0x80070005

Exchange Management Shell command attempted:
'domain.com.au/Users/Administrator' | New-MoveRequest -TargetDatabase 'Company Mailstore'

Elapsed Time: 00:00:01


I noticed a 1007 event in the event viewer as well.

I have run BPA permissions on both servers which returned with no errors.

I have confirmed both servers are in the appropriate exchange groups:

Exchange Domain Servers
Exchange Install Domain Severs
Exchange Servers
Exchange Trusted Subsystem

I am logged on with domain admin account.

Both servers are running a single nic and both can NetBIOS and tcp resolve the other.

Not sure what to try next. Have googled but ending up with the same resolutions which don't seem to be working.

Any advice on a possible resolution would be greatly appreciated.
BrimbankCCAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris WongCommented:
1.  on the schema master box, under administrative tools>domain security policy>local policy>user rights>access this computer from the network(very first setting)  I added the administrators group.

2. on the old exchange 03 box, I opened a command prompt and typed "gpupdate /target:computer /force.

3.  everything now works..hope this helps.
0
BrimbankCCAuthor Commented:
Thanks Drashiel,

I have gone through that particular solution thread but I am still receiving the same error.

I am able to create new mailboxes on the Exchange 2010 store. I have run the BPA permissions with no noticeable errors on both servers.

I am confident it is a simple permissions issue but I have confirmed all AD permissions.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

BrimbankCCAuthor Commented:
Hi hkchris,

I have tried this but it has not worked.
0
BrimbankCCAuthor Commented:
Furthermore, if I try and give full mailbox permissions to a 2003 mailbox within 2010 EMC, I receive the following error:

Exchange Information Store on server 'server.domain.com.au' is inaccessible. make sure that the network is connected and that the exchange information store is running. It was running the command 'Get-MailboxPermission -Identity 'CN=Administrator, CN=Users, DC=company,DC=com,DC=au".

The 2003 Exchange box is currenlt hosting all mailboxes. Mail flow is working and the 2003 server is accessible.
0
Simon Butler (Sembee)ConsultantCommented:
If you are on Exchange 2010 SP1, then I suggest that you upgrade to Exchange 2010 SP3 before you go any further. That will mean no downtime.

I see problems like this a lot, and it is usually down to lack of permission inheritance on the user account in ADUC. I would check that is in place as the first thing to verify.

Simon.
0
BrimbankCCAuthor Commented:
Hi Sembee2,

Thanks for that. I have already installed Exchange 2010 SP3 thinking that was the issue.

I have also updated Exchange 2003 to SP2 after the installation of Exchange 2010. Not sure if that would make any difference.

Is there any other way I can migrate mailboxes bar exporting to PSTs and importing?
0
Simon Butler (Sembee)ConsultantCommented:
Did you check the permissions? You should have had Exchange 2003 on SP2 plus post SP2 updates before starting the migration. Have you run Microsoft Update to ensure there are no additional updates required?

Simon.
0
BrimbankCCAuthor Commented:
Hi,

I ended up calling Microsoft break/fix support as I need to get this migration up and running.

In the end, both exchange servers were not getting their security policies updated correctly from DC.

The local security policies (secpol.msc)

Local Policies
User Rights Assignment

The first setting "Access this computer from the network". Mine only had Domain Users. Microsoft added Authenticated Users, everyone and domain\administrator by simply doing a gpupdate /force.

I am a little sceptical about this as I had read a walkthrough regarding this exact same setting and because I could not change the settings at a local level (greyed out) I did a gpupdate /force.

But any way hope this helps someone and prevents them from having to call Microsoft.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BrimbankCCAuthor Commented:
I could not wait any longer as problem was affecting production so I paid the $390 to raise an MS ticket and have a MS technician fix the issue for me.
0
BrimbankCCAuthor Commented:
ended up calling Microsoft break/fix
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.