Access rights error when moving mailboxes from Exchange Server 2003 to Exchange Server 2010

When I did the mailbox migrations from Exchange Server 2003 to Exchange Server 2010 yesterday, I received the following error for a couple of mailboxes:

Active Directory operation failed on <DomainControllerName>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:
'<PathtoOrganizationalUnit>' | New-MoveRequest -TargetDatabase 'Mailbox Database 147171981' -BadItemLimit '-1'

In my case, this was caused by inheritable permissions for the user object. To check this setting do the following:

  1. On a domain controller, open Active Directory Users and Computers.
  2. Make sure that you have advanced features activated. Choose View and then Advanced Features.
  3. Find the user that matches the mailbox you were trying to move.
  4. Open properties for the user and navigate to the Security tab.
  5. Click on Advanced and activate the checkbox “Include inheritable permissions from this object’s parent”, then click OK twice.

And that should do it. You can try to move the mailbox again and it should work. Thanks for reading and do not hesitate to let me know if you run into any problems!
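The same check can be scripted when more than a couple of mailboxes are affected. The following is an added example, not part of the original post: it lists user objects with inheritance disabled and re-enables it only after review. It assumes the ActiveDirectory PowerShell module and a domain controller that serves it; the OU path and function names are hypothetical. Accounts with `adminCount = 1` are skipped because inheritance is disabled on them deliberately by AdminSDHolder, and SDProp would disable it again.

```powershell
# Added example: audit user objects whose ACL inheritance is disabled.
# Assumes the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

function Get-UserWithBlockedInheritance {
    param([Parameter(Mandatory = $true)][string]$SearchBase)

    Get-ADUser -SearchBase $SearchBase -Filter * -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
            @{ Name = 'AdminSDHolderProtected'; Expression = { $_.adminCount -eq 1 } }
}

function Enable-UserAclInheritance {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)

    $path = 'AD:\' + $DistinguishedName
    $acl  = Get-Acl -Path $path
    # $false = not protected, i.e. inherit ACEs from the parent again.
    # The second argument is ignored when the first is $false.
    $acl.SetAccessRuleProtection($false, $true)
    if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Enable ACL inheritance')) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Hypothetical OU: replace with the OU that holds the mailboxes being moved.
$blocked = Get-UserWithBlockedInheritance -SearchBase 'OU=Staff,DC=example,DC=com'
$blocked | Format-Table -AutoSize

# Leave AdminSDHolder-protected accounts alone: SDProp resets their ACL anyway.
# Drop -WhatIf only after reviewing the list above.
$blocked | Where-Object { -not $_.AdminSDHolderProtected } |
    ForEach-Object { Enable-UserAclInheritance -DistinguishedName $_.DistinguishedName -WhatIf }
```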

Error when doing export-mailbox and import-mailbox in Exchange Server 2010

I just got a question from a customer that was trying to import a number of PST files to Exchange 2010. This is the error message they received:

Error was found for because: Error occurred in the step: Approving object. An unknown error
has occurred., error code: -2147221219
    + CategoryInfo          : InvalidOperation: (0:Int32) [Import-Mailbox], RecipientTaskException
    + FullyQualifiedErrorId : CFFD629B,Microsoft.Exchange.Management.RecipientTasks.ImportMailbox

There is a known bug in Exchange 2010 that causes export-mailbox and import-mailbox commands to fail on an Exchange Server that has both the CAS and Mailbox role installed.

To solve this you can either do the import/export via Outlook or install a separate Exchange 2010 server. Make sure that you only install the Mailbox role together with Outlook 2010 64-bit on this server.

When you are done, or the bug is fixed, you can uninstall the temporary import/export server using Add/Remove Programs. This will remove Exchange from the server as well as remove all information regarding the server in Active Directory.

According to Microsoft Support this issue is expected to be fixed in update rollup 5 of Exchange 2010 server. I have also seen posts about a fix in Service Pack 1 so time will tell… Good luck and please don’t hesitate to let me know if you run into any other issues.

OCS 2007 R2 – Deploy Server Wizard Has Failed

Recently I was doing an installation of OCS 2007 R2 Standard and I got this message when running the installation wizard:


In the log I found the following error message:

[0xC3EC796C] One or more errors occurred during execution of the wizard; the wizard was unable to complete successfully. Please check the log file for more information.


And when looking a bit further, following the link provided in the first message, I found this error message:

[0xC3EC78D8] Failed to read the Office Communications Server version information. This can happen if the computer clock is not set to correct date and time.



According to Microsoft this can be related to Security Update for Microsoft Windows (KB974571). There are two things you can do to resolve this issue.

  1. Uninstall update KB974571.
  2. There is a fix available from Microsoft. Look under section “Resolution for these known issues” on the following link: