MailboxExportRequest - FilePath pointing to Share on Exchange Server (Network Steve Forum)

MailboxExportRequest - FilePath pointing to Share on Exchange Server

Hi there,

please consider the following scenario:

Two Multirole Exchange Servers (2010; Server A, Server B) with CASArray and DAG, all working properly
I created a folder and a share on one Server A namend "Export"
I granted fullaccess to the "Exchange Trusted Subsystem" to both, the folder and the share
Now I start a MailboxExportRequest referring the filepath to \\A\Export\nameofpst.pst

The MailboxExportRequest works, when Server B is requested as MRS Server. The MailboxExportRequest fails, when Server A is requested as MRS Server.

Does anyone have an idea, why Server A is failing to execute the MailbosExportRequest, while Server B works like a charm?

It is obviously a matter of permissions, but I do not quite understand, where the root cause might be.

I already restarted the mailbox replication service on both machines more than once, but that didn't help. I did not yet restart the whole machines, but will do on the next weekend.

Thanks in advance and kind regards

Harry

August 26th, 2015 9:18am

Hi Harald,

From server A, are you using the UNC path to export the email? i.e. \\A\Export\nameofpst.pst

What error are you getting? You can find this out using Get-MailboxExportRequestStatistics -IncludeReport

Thanks.

Free Windows Admin Tool Kit Click here and download it now

August 26th, 2015 10:01am

Hi Mark,

yes, I used the UNC path for the cmdlet does not accept any local path.

This is the report (I anonymized the names though):

8/26/2015 2:24:36 PM [Server B] '<adminuser>' created request.
8/26/2015 2:27:29 PM [Server A] The Microsoft Exchange Mailbox Replication service 'Server A' (14.3.227.0 caps:07) is examining the request.
8/26/2015 2:27:29 PM [Server A] Connected to source mailbox 'Primary (Guid)', database 'DB02', Mailbox server 'Server B (Server A)' Version 14.3 (Build 235.0).
8/26/2015 2:27:29 PM [Server A] Fatal error UnableToOpenPSTPermanentException has occurred.
Error details: Unable to open PST file '\\A\Export\nameofpst.pst'. Error details: Access to the path '\\A\Export\nameofpst.pst' is denied. --> Access to the path '\\A\Export\nameofpst.pst' is denied.
   at Microsoft.Exchange.MailboxReplicationService.LocalPST.Microsoft.Exchange.MailboxReplicationService.IMailbox.Connect(MailboxConnectFlags connectFlags)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass19.<Microsoft.Exchange.MailboxReplicationService.IMailbox.Connect>b__18()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.Connect(MailboxConnectFlags connectFlags)
   at Microsoft.Exchange.MailboxReplicationService.MergeJob.<BeginJob>b__2()
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
Error context: --------
Operation: IMailbox.Connect
OperationSide: Target
PST (\\A\Export\nameofpst.pst)
Flags: None
8/26/2015 2:27:29 PM [Server A] Relinquishing job.

Thanks for your help.

August 26th, 2015 10:31am

Grant your user account permissions and check that you can open the shared folder using explorer so that we can rule out a number of issues (e.g. time issues and other kerberos issues).

Once done, check that you have assigned both Share and NTFS permissions to the Exchange Trusted Subsystem. If the PST already exists then check that it is inheriting permissions from the parent folder.

If you still have issues, you can run a command prompt as local system using psexec -i -s cmd.exe then use whoami /groups to check that the Exchange server is a member of the Exchange Trusted Subsystem group.

Thanks.

Free Windows Admin Tool Kit Click here and download it now

August 26th, 2015 11:29am

Hi Mark,

I'm able to open the folder in windows explorer and copy a file into it, when using my personal user.

Both, the share and the folder (NTFS) are granted full access for the Exchange Trusted Subsystem group (as stated in the initial post). The permissions are correctly inherited to the child objects of the folder.

whoami /groups when executed as system account (psexec as you stated) does not show any domain groups.

The last check led me to the conclusion, that I need to add the local Administrators group to the share permissions and after doing so, the MailboxExportRequests indeed work as expected.

Finally: If you use a share on an Exchange CAS Server as target path for mailbox export requests, you need to add the local Administrators group to the share permissions. (And if you add the local Administrators group you do not need to add any more permissions, as the Exchange Trusted Subsystem and the Organization Management usually already are members of the local Administrators group on Exchange servers.)

Thank you Mark, for your thoughts and hints, which led to the solution.

Kind regards

Harry

Marked as answer by Harald Börger 7 minutes ago
Edited by Harald Börger 3 minutes ago additional knowledge

August 27th, 2015 3:43am

This topic is archived. No further replies will be accepted.