OWA authentication errors - 2 domains, 1 forest
Scenario: single forest with two domains. Exchange Server 2007 running in domaina, which is 2003. Exchange 2000 running in domainb with two Windows 2000 Server domain controllers and one 2003 domain controller. (domaina and domainb are fictional names for this ticket.) There is still a mixture of mailboxes as we are still migrating, but this scenario only happens with mailboxes on 2007, and it does not appear to matter if they are newly created or migrated.

The issue is that I can't connect to 2007 with OWA with any mailboxes on the 2007 server. I get the initial login prompt and enter my account/password. Note that the 2007 server is in domaina but the accounts are in domainb. When it successfully authenticates I get the second panel that asks for timezone etc., and then when I hit OK I either get the message below or another message about authentication failures. Note that for any users on domaina the functionality works fine and there are no Exchange issues with coexistence of the two servers or mailboxes.

I believe the message below is due to the reason that it is accessing one of the Windows 2000 domain controllers, but that is only a guess; therefore my question is twofold: Is it possible to do this in our scenario, and if so, how do I force OWA to authenticate users in domainb successfully? I assume it is something to do with the global catalog vs domain authentication at the LDAP level, but I can't find any information on how to test this theory or where to even look to get more detailed logs.

If it helps, I am also having issues moving mailboxes with the Exchange console and have had to use the shell with detailed specification as shown below. As with the above, the exact domain information has been replaced.

move-mailbox -Identity dellworkingtool@mymail.com -DomainController tackup.domainb -GlobalCatalog ad1.domaina -TargetDatabase 'CN=mailboxes,CN=Mysite,CN=InformationStore,CN=EXCH2007,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CTA Systemsource,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domaina'

Any hints at all would be greatly appreciated as I have exhausted all the search pages I can find.

-------------------------------------------------------------------------------------------------------------------
Exception
Exception type: Microsoft.Exchange.Data.Directory.ADPossibleOperationException
Exception message: Active Directory operation failed on shark.domainb. This error could have been caused by user input or by the Active Directory server being unavailable. Please retry at a later time. Additional information: Active Directory rejected paged search cookie because a cookie handle was discarded by a Domain Controller or a different LDAP connection was used on subsequent page retrieval. Paged search needs to be restarted and will succeed. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090591, comment: Error processing control, data 0, v893.

Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32& retries, Int32 maxRetries)
Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
Microsoft.Exchange.Data.Directory.ADSession.Read(ADObjectId entryId, IEnumerable`1 properties, CreateObjectDelegate objectCtor)
Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Read(ADObjectId entryId)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The server does not support the control. The control is critical.

Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
October 31st, 2007 7:55pm

Stuart, did you have any joy with this? I have exactly the same scenario ........
October 14th, 2008 5:43pm

This topic is archived. No further replies will be accepted.
