Mailbox logon failure
I am using Quest to migrate from one Exchange organisation to another. The source domain has Exchange 2003 and the target domain has Exchange 2010.
I have 600 users and I have migrated all but a few. I have one user that Quest reports the following error;
10/25/2010 2:03:43 PM CADCollections::NextItem Informational 4510
Starting to process collection 'resync priority' (Source server 'SVRCR-EX01', target server 'COL-EX01', type '0').
10/25/2010 2:03:43 PM CADQueue::NextItem Informational 4511 Starting to process
item '/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK' (Collection 'resync priority', PST: '42EACF1CDA465449BE377712820C18B2', SyncMailboxInfo: 'True', SyncSwitched: 'False', SyncAllContent: 'True', SyncFolderContent: 'True').
10/25/2010 2:03:43 PM EMWLDAP40::LDAPOperations::GetRootDSEInfo
TraceMsg 5110 Retrieve info from RootDSE. Getting RootDSE
10/25/2010 2:03:43 PM EMWLDAP40::LDAPSearcher::Retrieve TraceMsg 5107
Open LDAP connection to 'SVRCR-DC3.SEVERCORR.LOCAL'. Username: 'severcorr\svcqmm'
10/25/2010 2:03:43 PM EMWLDAP40::LDAPSearcher::Retrieve TraceMsg 5107
Open LDAP connection to 'SVRCR-DC3.SEVERCORR.LOCAL'. Username: 'severcorr\svcqmm'
10/25/2010 2:03:43 PM CSession::Logon TraceMsg
4800 Logging on to the mailbox '/o=SeverCorr/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SVRCR-EX01/cn=Microsoft System Attendant' (Server: 'SVRCR-EX01', user: 'severcorr\svcqmm').
10/25/2010 2:03:43 PM EMWLDAP40::LDAPSearcher::Retrieve TraceMsg 5107
Open LDAP connection to 'SVRCR-DC3.SEVERCORR.LOCAL'. Username: 'severcorr\svcqmm'
10/25/2010 2:03:43 PM EMWLDAP40::LDAPSearcher::Retrieve TraceMsg 5107
Open LDAP connection to 'SVRCR-DC3.SEVERCORR.LOCAL'. Username: 'severcorr\svcqmm'
10/25/2010 2:03:43 PM CMBRedir::MBRedir TraceMsg
1628438533 Binding to as user SEVERSTALCO\svcqmm
10/25/2010 2:03:43 PM CMBRedir::MBRedir TraceMsg
1628438538 Starting LDAP asynchronous page search: DN = CN=QMMADProject
10/25/2010 2:03:43 PM CMBMSwitcher::IsSwitched2 TraceMsg
4908 Current mailbox '/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK' redirector state: 'Not switched'.
10/25/2010 2:03:43 PM CMBMConn::GetMailboxInfoEx TraceMsg
4808 Retrieving mailbox information (Mailbox: '/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK', Infostore: '7FEEDFE414906F4CAE182E0BCBAB92E7', MailboxGUID: 'F7F5FF3E0055DF43860BA710EA33C4FF').
10/25/2010 2:03:43 PM CMBMConn::GetMailboxInfo TraceMsg 4808
Retrieving mailbox information (Mailbox: '/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK', Infostore: '7FEEDFE414906F4CAE182E0BCBAB92E7', MailboxGUID: 'F7F5FF3E0055DF43860BA710EA33C4FF').
10/25/2010 2:03:43 PM PSTFile::InfoBackup TraceMsg
1614 Backing up the auxiliary information for current PST file container 'C:\WINDOWS\system32\Aelita Exchange Migration Wizard\Mail Source Agent\PST\77E81A0AD227E54BBBFEA76937976E2C.PRV'.
10/25/2010 2:03:43 PM CSession::Logon TraceMsg
4800 Logging on to the mailbox '/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK' (Server: 'SVRCR-EX01', user: 'severcorr\svcqmm').
10/25/2010 2:03:43 PM CSession::Logon
Error -2147221231 The information store could not be opened. - MAPI_E_LOGON_FAILED (MAPI 1.0) Low level error: 0x0 File: 'aeWrapHelpers.h' Line: '279'
10/25/2010 2:03:43 PM MailKernel::Connect Informational 2079
Synchronization status: Object '/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK' synchronization was not started due to connection errors.
10/25/2010 2:03:43 PM MailKernel::Disconnect TraceMsg 2042
Total errors occured during processing 1; internal errors 0; warnings 0.
10/25/2010 2:03:43 PM MailKernel::Work TraceMsg
2061 Synchronization has been completed. (RetCode: -2147221502).
10/25/2010 2:03:43 PM PSTFile::Delete TraceMsg 1613
Deleting the file 'C:\WINDOWS\system32\Aelita Exchange Migration Wizard\Mail Source Agent\PST\77E81A0AD227E54BBBFEA76937976E2C.PRV'.
I have highlighted the error.
I have checked the user with MFCMapi.exe and I am not able to logon.
The user PGRUSECK can access his mailbox via Outlook 2003 but when I try his name it cannot be Matched to a Name in the Address List.
It does work via OWA.
I have tested the following;
I have checked that the user is not hidden from the address list.
In the security tab I added Authenticated Users, for Read permissions in the Allow column.
I also checked adsiedit and checked that the user did not have a space at the end of his name.
legacyExchangeDN
/o=SEVERCORR/ou=FIRST ADMINISTRATIVE GROUP/cn=RECIPIENTS/cn=PGRUSECK
I moved the user to a different storage group.
I do not have any Win2k8 DC’s in the source domain.
I need to resolve this issue in order to migrate the user. It is not a Quest issue as I have migrated almost 600 users without issue and he is the only
Paul that is not listed when I try and configure a new profile to connect to his mailbox via Outlook.
Does Microsoft have any tools or a debug mode where I can get more information on my issue and thus resolve my issue.
Also as I will not require the source mailbox following the migration shall I just modify the security to everyone full control to see if that works?
Eamon Murchan
November 1st, 2010 2:30pm
Is this user hidden from the global address list?Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 2:39pm
The user is not hidden from the global address list.
November 1st, 2010 2:55pm
It says it's a logon failure, so have you checked the mailbox rights?Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 3:31pm
So on the subject of mailbox rights if I configure everyone to have full control will that not eliminate permissions?
November 1st, 2010 4:59pm
I don't understand the question. Under mailbox rights, ensure that the Quest service account has full mailbox rights.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 5:24pm
I have checked the mailbox rights and the Quest service account "severcorr\svcqmm" is configured for full mailbox rights.
November 1st, 2010 6:34pm
One thing to try. Log into a machine with svcqmm account, configure an Outlook profile for the mailbox in question, and see if you can log in.
You might want to call Quest. Perhaps they can help you more with their specific error codes.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 6:47pm
I am unable to login to the users mailbox with a new Outlook profile with any account. In fact only the user with his Outlook profile can access his mailbox via Outlook. Even if I try and access the mailbox using a new Outlook profile with his user account
if fails to list him. With the Quest service account I see 6 Paul's but I do not see the user. I can access the mailbox with the Quest service account from OWA. I did have a support call with Quest and they have proved that it is a Microsoft issue.
November 1st, 2010 7:36pm
I would examine the working profile with a fine-toothed comb, then.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 8:34pm
On Mon, 1 Nov 2010 23:31:58 +0000, Eamon Murchan wrote:
>I am unable to login to the users mailbox with a new Outlook profile with any account. In fact only the user with his Outlook profile can access his mailbox via Outlook. Even if I try and access the mailbox using a new Outlook profile with his user account
if fails to list him. With the Quest service account I see 6 Paul's but I do not see the user. I can access the mailbox with the Quest service account from OWA. I did have a support call with Quest and they have proved that it is a Microsoft issue.
Have a look at the AD user object with LDP.exe. or ADSIEDIT and see
if:
msExchHideFromAddressLists = TRUE
showInAddressBook = at least one AB distinguishedName
You should be able to create a profile if you use the legacyExchangeDN
property value for the mailbox instead of the user name -- even if the
user is hidden from teh GAL
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
November 1st, 2010 9:58pm
some browser has the ability to logon automatically, it can save a lot of time and energy.
burn xbox 360 games
Free Windows Admin Tool Kit Click here and download it now
November 2nd, 2010 4:03am