A move mailbox operation is not successful, and Event ID 9166 appears in the Application log in Exchange Server 2003 (886700)


The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition

SYMPTOMS

In Microsoft Exchange Server 2003, when you try to move a user's mailbox by using the Exchange Task Wizard, the move mailbox operation is not successful. In this scenario, you experience both the following symptoms:
  • The following events appear in the Application log in Event Viewer:

    Event ID 9166Event Type: Error
    Event Source: MSExchangeAdmin
    Event Category: Move Mailbox
    Event ID: 9166
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: Failed to log on to the MAPI session on server ServerName Error: Access is denied.
    For more information, click http://search.support.microsoft.com/search/?adv=1.

    Event ID 1008Event Type: Error
    Event Source: MSExchangeAdmin
    Event Category: Move Mailbox
    Event ID: 1008
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: Unable to move mailbox mailbox name Error: Access is denied.
  • Information that is similar to the following appears in the Exchange Task Wizard log file:

    <?xml version="1.0" encoding="unicode" ?> 
- <taskWizardRun taskName="Move Mailbox" dcName="<DC Name>" buildNumber="6944" runningAs=<5.5 service account> 
   <timespan startTime="2004-07-07 11:53:06.488" milliseconds="47" /> 
 - <moveMailbox mixedMode="true" maxBadItems="0"> 
  - <destination> 
     <database>/dc=com/dc=contoso/cn=Configuration/cn=Services/cn=Microsoft 
       Exchange/cn=<organizationName>/cn=Administrative Groups/cn=<administrativeGroupName>
       /cn=Servers/cn=<ServerName>/cn=InformationStore/cn=Storage Group 
       1/cn=<MailboxStoreName></database> 
    </destination> 
   </moveMailbox> 
   <taskSummary errorCount="1" completedCount="0" warningCount="0" errorCode="0x00000000" /> 
 - <items> 
  - <item adsPath="LDAP:<user path>" class="user"> 
    <progress code="0" milliseconds="31">Connecting to source server.</progress> 
    - <summary isWarning="false" errorCode="0xc0070005"> 
       Access is denied. 
    - <details> 
    - <source> 
      <database><database path></database> 
     </source> 
    </details> 
   </summary> 
  </item> 
 </items> 
</taskWizardRun>

    Note By default, the Exchange Task Wizard log file is stored in the following location:

    C:\Documents and Settings\UserName.DomainName\My Documents\Exchange Task Wizard Logs\ETW14D7.xml

CAUSE

This problem may occur if both the following conditions are true:
  • You perform the move mailbox operation in a mixed-mode administrative group.
  • The account that you use to perform the mailbox move operation, or the Exchange 2003 Full Administrator account, is different from the Microsoft Exchange Server 5.5 service account.
This problem is caused by a timing problem. The timing problem may occur if your Exchange Server 2003 computer is busy when you try to move the mailbox. In this scenario, the move mailbox operation may be unsuccessful because the Exchange Full Administrator account may not have sufficient rights on the Global\ExchangeAdminMapiLogon mutual exclusion object (mutex) to perform a MAPI logon.

Typically, many Microsoft Exchange System Attendant service threads use the Global\ExchangeAdminMapiLogon mutex. These threads all run under the Local System account. Therefore, these threads all have sufficient rights to acquire this mutex regardless of the thread that created the mutex. In this scenario, and in a pure Exchange Server 2003 administrative group, the Global\ExchangeAdminMapiLogon mutex is created in the following manner. The following accounts have permissions:
  • Local System
  • Local Administrator or the Administrators Group

However, in a mixed administrative group, this mutex could be created by one of the mad.exe threads that impersonates the legacy Exchange Server 5.5 service account for free/busy interoperability. When this behavior occurs, the mutex is created in the following manner. The following accounts have permissions:
  • Local System
  • Exchange Server 5.5 service account

Therefore, in this scenario, your Exchange Full Administrator account may not have sufficient permissions to perform the move mailbox operation.

WORKAROUND

To work around this problem, use one of the following methods.

Method 1: Make sure that the "System Objects: Default owner for objects created by members of the Administrators group" security policy.is set to "Administrators group" on any affected Exchange Servers


You may verify and change the setting of this security policy by using the Group Policy Object Editor MMC snap-in. To do this, follow these steps:
  1. Click Start, click Run, type gpedit.msc, and then click OK.
  2. Under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
  3. Double-click System Objects: Default owner for objects created by members of the Administrators group.
  4. If the policy is set to a value of Object creator, change the value to Administrators group.
  5. For the policy to take effect, restart the affected Exchange Servers.
Note If the policy is not available, and then it is being configured through a Group Policy Object in Active Directory. In this case you will have to make the change on the Group Policy Object itself.

Method 2: Move the mailbox from a computer that is not running Exchange Server

This problem occurs only on a computer that is running Exchange Server. To work around this problem, move the mailbox by using the Exchange Task Wizard on a computer that is not running Exchange Server. To do this, perform a custom installation of Exchange Server 2003 to install the Microsoft Exchange System Management Tools on a computer in your domain.

Method 3: Run the move mailbox operation under the Local System account

Start the Active Directory Users and Computers MMC snap-in or the Exchange System Manager MMC snap-in under the Local System account. To do this, follow these steps:
  1. Schedule a command prompt to start under the Local System account. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type the following command, where time is the time that you want the cmd.exe to start:

      at time:PM /interactive "cmd.exe"

    3. Press ENTER.
    4. Type at, and then press ENTER to view the list of scheduled jobs.
    5. Type exit, and then press ENTER to quit the command prompt.
  2. At the new command prompt that starts when the scheduled task runs, type dsa.msc, and then press ENTER.
  3. Start the Exchange Task Wizard to move the user's mailbox.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Modification Type:MajorLast Reviewed:8/2/2006
Keywords:kbprb kbtshoot KB886700 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.