During a cross-forest migration from Exchange 2003 to Exchange 2010 I found a nasty issue while migration a mailbox. The first 10% of the move request went OK but after that it failed. In the first 10% the mailbox is created, the folder structure is created and permissions are set on the folders.
I started looking in the event log as, by default, enough information is logged here to see why a move request failed and found the following event:
_Mailbox move for ‘xxxxxxxxxxxxxxxxxxxxxx’ (d126705e-af4d-4aca-83c6-0ea443a2ad60) has failed.</p>
Error code: -2147024809
MapiExceptionInvalidParameter: Unable to set properties on object. (hr=0x80070057, ec=-2147024809)
Diagnostic context:
Lid: 18969 EcDoRpcExt2 called [length=363]
Lid: 27161 EcDoRpcExt2 returned [ec=0x0][length=108][latency=0]
Lid: 23226 — ROP Parse Start —
Lid: 27962 ROP: ropSetProps [10]
Lid: 17082 ROP Error: 0x80070057
Lid: 30561
Lid: 21921 StoreEc: 0x80070057
Lid: 27962 ROP: ropExtendedError [250]
Lid: 1494 —- Remote Context Beg —-
Lid: 26426 ROP: ropSetProps [10]
Lid: 47113
Lid: 7915 StoreEc: 0x80070057
Lid: 5263 StoreEc: 0x80070057
Lid: 19768
Lid: 4559 StoreEc: 0x80070057
Lid: 1750 —- Remote Context End —-
Lid: 26849
Lid: 21817 ROP Failure: 0x80070057
Lid: 25761
Lid: 1940 StoreEc: 0x80070057
Lid: 25297
Lid: 21201 StoreEc: 0x80070057
Context:
Mailbox: Primary (d126705e-af4d-4aca-83c6-0ea443a2ad60)
Folder: ‘/Top of Information Store/Taken/xxxxxx’, entryId [len=46, data=00000000109014FD0A523641A2C3C55606B5EA8201006E5BA8745959BC4C9F7B175EAE3144A80000378F00370000], parentId [len=46, data=00000000109014FD0A523641A2C3C55606B5EA820100C0260BEE56B49E4981448625D74A5AAB0000000400470000]
Operation: LocalDestinationFolder.SetSecurityDescriptor
SD: O:S-1-5-21-3869603026-3631219241-1903344517-3835G:S-1-5-21-3869603026-3631219241-1903344517-513D:AI(A;OIIO;0x1f0fbf;;;S-1-5-21-3869603026-3631219241-1903344517-3835)(A;CI;0x1fc9ff;;;S-1-5-21-3869603026-3631219241-1903344517-3835)(A;OIIO;0x1208a9;;;S-1-5-21-4230955503-526549450-3057572010-5377)(D;OIIOID;0x1f0716;;;S-1-5-21-3869603026-3631219241-1903344517-2781)(A;CI;0x1208a9;;;S-1-5-21-4230955503-526549450-3057572010-5377)(D;CIID;0xdc916;;;S-1-5-21-3869603026-3631219241-1903344517-2781)</em>
As you can see above it has some problems with the Taken folder. When we had a look at this folder together with the end-user we found out that specific permissions where set in the folders. So we asked if he could remove them on one of the folders to check if that fixed the issue. After the user had done this we were a step further but, as expected, had the same issue with another folder. As it isn’t an option to remove all permissions before migrating the mailbox I decided to contact Microsoft.
After we contacted Microsoft a lot became more clear. During the migration of a mailbox from Exchange 2003 to Exchange 2010 the process will try to regenerate the ACL’s on the Exchange 2010 side. This because Exchange 2010 does use the ACL’s in another way then Exchange 2003. It can happen that the an ACL get’s corrupt which will cause the migration of the mailbox to fail.
The solution: redefine the permissions via Outlook either by removing and adding them again or by changing them to something else and then change them back to the original permissions. Not a really nice solution but you can continue migrating.
Collegue Michel de Rooijave me another tip, try to use PFdavAdmin with this tool it’s possible to fix AC’L’s of mailboxes.
Comments
