Mailboxes created after removal of last E2K3 server don't work.
Hello, Since removing the last E2K3 server as per http://technet.microsoft.com/en-us/library/bb288905.aspxany mailboxes I create for new users don't work. In Outlook I can see the new mailbox in the Address Book and can compose and send a message, but always receive an NDR containing a #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ## error message. On further investigation I can see the mailbox using "get-Mailbox" cmdlet, but cannot see the permissions using "get-mailboxpermission" cmdlet - itgives an"The Identity of the object is invalid." error message. As an experiment I tried installing an E2K3 server and using ADUC to add a recipient with mailbox to an E2K7 database ( followed by a set-mailbox -applymandatoryparameters to "upgrade" to a real E2K7 object). When created this way the new mailbox seems to work normally. On removing this temporary E2K3 server and creating new mailboxes from the Exchange Console I get non-functional mailboxes. Looking in ADSIedit I see that there are several attributes that I would have expected to be set for the user are "<not set>" - for example: legacyExchangeDN homeMTA msExchMailboxGuid msExchMailboxSecurityDescriptor With E2K3 I would expect these to be filled in, but now I have a pure E2K7 domain I can't tell if the fact these are not set is an error or expected. Are there some steps I have missed perhaps in decomissioning the last E2K3 server? Does anyone have any ideas or have experienced this problem and found a solution, or is this just a strange one off? --philip.
August 17th, 2007 7:30pm

Just to make absolutely sure, when you create mailboxes for users when you have no E2K3 servers, you are using the Exchange Management Console, right? The EMC itself (well, actually, the underlying EMS task) creates those attributes, it does not require the Exchange server to do this. Try this from the EMS and see if it works. Let's say the user is Domain\Snuffy and the mailbox database is "Mailbox Database", here is the cmdlet. Enable-Mailbox Domain\Snuffy -Database "Mailbox Database" -Verbose See if there is anything unusual in the output.
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2007 9:58pm

I have tried both through the console (EMC)and from the shell (EMS). I have tried creating a mailbox and specifying a new user, and I have tried using a pre-existing account. Both using the new-mailbox and the Enable-Mailbox cmdlets complete without anything appearing unusual to me, though the get-mailboxpermission stll fails. e.g.: [PS] C:\>enable-mailbox mt8 -database "mailbox database" -verboseVERBOSE: Enable-Mailbox : Beginning processing.VERBOSE: Enable-Mailbox : Searching objects "<mailboxservername>\mailbox database" of type "MailboxDatabase" under the root "$null".VERBOSE: Enable-Mailbox : Previous operation run on domain controller '<dcservername>'.VERBOSE: Enable-Mailbox : Searching objects "mt8" of type "ADUser" under the root "$null".VERBOSE: Enable-Mailbox : Previous operation run on domain controller '<dcservername>'.VERBOSE: Enable-Mailbox : Searching objects of type "ADRecipient" with filter "(|((Alias Equal mt8)))", scope "SubTree" under the root "$null".VERBOSE: Enable-Mailbox : Previous operation run on global catalog server '<gcservername>'.VERBOSE: Enable-Mailbox : Applying RUS policy to the given recipient "<domainname>/Users/mt8" with the home domain controller "$null".VERBOSE: Enable-Mailbox : The RUS server that will apply policies on the specified recipient is "<mailboxservername>".VERBOSE: Enable-Mailbox : Processing object "<domainname>/Users/mt8".VERBOSE: Enabling Mailbox "mt8" on Database "<mailboxservername>\mailbox database".VERBOSE: Enable-Mailbox : Saving object "<domainname>/Users/mt8" of type "ADUser" and state "Changed".VERBOSE: Enable-Mailbox : Previous operation run on domain controller '<dcservername>'. Name Alias ServerName ProhibitSendQuota---- ----- ---------- ---------------mt8 mt8 <servername> unlimitedVERBOSE: Enable-Mailbox : Ending processing. [PS] C:\>get-mailboxpermission mt8WARNING: An unexpected error has occurred and a Watson dump is being generated:The Identity of the object is invalid.Get-MailboxPermission : The Identity of the object is invalid.At line:1 char:22+ get-mailboxpermission <<<< mt8 --p.
August 17th, 2007 10:19pm

Weird. Everything with the Enable-Mailbox looks right. On the Tools section, run the ExBPA and see if it reports anything unusual. You may be in for some time on hold with PSS. (Like I am right now.)
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2007 10:33pm

We actually just got some help from PSS on this.There is a bug with the Microsoft Exchange System Attendant service in Exchange 2007 at this point. The support tech will still be emailing me details, but for now the workaround is simple (at least in our case).Restart the Microsoft Exchange System Attendant service (Restart-Service MSExchangeSA in powershell) on your mailbox server(s), and try again!We are running Exchange 2007 with Update Roll-Up 4 and Update Roll-Up 5 installed, and this did the trick for us. We are using a script for mailbox provisioning at the moment, so it was easy enough to just restart the System Attendant on the new user's mailbox server prior to creating the mailbox with the new-mailbox command (Used psservice.exe from pstools/systinternals from http://www.microsoft.com/technet/sysinternals/Utilities/PsTools.mspx).The bug is not documented at this point, but the MS support tech noted that there were about 5 or 6 cases other than our own that reported this issue recently, while there is no KB for it at the moment and the fix is not public, a bug fix will most likely be included with SP1 (due by the end of this month).Let me know if this helps you in your experience.Also check out http://episteme.arstechnica.com/eve/forums?a=tpc&s=50009562&f=12009443&m=362006418831&r=606003038831#606003038831
November 7th, 2007 9:16pm

Thanks for your updated information. Unfortunately applying Update Roll-Up 5 and restarting the System Attendant hasn't fixed it for me. If SP1 is coming out by the end of the month, perhaps that will fix it for me. --philip.
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2007 9:22pm

I have discovered the solution towhy myExchange Server 2007 has been unable to create new mailboxes since the removal of my last 2K3 server. I had hoped that installing SP1 might have fixed the problem, but unfortunately it only changed the error message to one stating that ExchangeGuid is mandatory. The problem turned out that in the "system policy" CN=Mailbox Enable User(in CN=System Policies,CN=<ExchangeOrganizationName>,CN=Microsoft Exchange,CN=Services,CN=Configuration,...) had a value for the attribute "purportedSearch" that included an ampersand in the mailnickname part of the filter. From KB903291 (even though this KB is for E2K3, it still is correct for E2K7 aswell)it appears that this attribute should read: (&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*)) i.e. the mailnickname should use an asterisk as the wildcard (recipient policies are documented asnot allowing the ampersand and it appears neither do system policies). On changing the value of this attribute my Exchange system immediately started being able to create new mailboxes as expected. --philip.
January 16th, 2008 1:39am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics