Microsoft KB Archive/886700

= A move mailbox operation is not successful, and Event ID 9166 appears in the Application log in Exchange Server 2003 =

Article ID: 886700

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition

-





SYMPTOMS
In Microsoft Exchange Server 2003, when you try to move a user's mailbox by using the Exchange Task Wizard, the move mailbox operation is not successful. In this scenario, you experience both the following symptoms:   The following events appear in the Application log in Event Viewer:

Event ID 9166 Event Type: Error

Event Source: MSExchangeAdmin

Event Category: Move Mailbox

Event ID: 9166

Date:

Time:

User: N/A

Computer:

Description: Failed to log on to the MAPI session on server  Error: Access is denied.

For more information, click http://search.support.microsoft.com/search/?adv=1.

Event ID 1008 Event Type: Error

Event Source: MSExchangeAdmin

Event Category: Move Mailbox

Event ID: 1008

Date:

Time:

User: N/A

Computer:

Description: Unable to move mailbox  Error: Access is denied.  Information that is similar to the following appears in the Exchange Task Wizard log file:

 - &quot; buildNumber=&quot;6944&quot; runningAs=<5.5 service account>  -  - 

Note By default, the Exchange Task Wizard log file is stored in the following location:

C:\Documents and Settings\. \My Documents\Exchange Task Wizard Logs\ .xml





CAUSE
This problem may occur if both the following conditions are true:
 * You perform the move mailbox operation in a mixed-mode administrative group.
 * The account that you use to perform the mailbox move operation, or the Exchange 2003 Full Administrator account, is different from the Microsoft Exchange Server 5.5 service account.

This problem is caused by a timing problem. The timing problem may occur if your Exchange Server 2003 computer is busy when you try to move the mailbox. In this scenario, the move mailbox operation may be unsuccessful because the Exchange Full Administrator account may not have sufficient rights on the Global\ExchangeAdminMapiLogon mutual exclusion object (mutex) to perform a MAPI logon.

Typically, many Microsoft Exchange System Attendant service threads use the Global\ExchangeAdminMapiLogon mutex. These threads all run under the Local System account. Therefore, these threads all have sufficient rights to acquire this mutex regardless of the thread that created the mutex. In this scenario, and in a pure Exchange Server 2003 administrative group, the Global\ExchangeAdminMapiLogon mutex is created in the following manner. The following accounts have permissions:
 * Local System
 * Local Administrator or the Administrators Group

However, in a mixed administrative group, this mutex could be created by one of the mad.exe threads that impersonates the legacy Exchange Server 5.5 service account for free/busy interoperability. When this behavior occurs, the mutex is created in the following manner. The following accounts have permissions:
 * Local System
 * Exchange Server 5.5 service account

Therefore, in this scenario, your Exchange Full Administrator account may not have sufficient permissions to perform the move mailbox operation.



WORKAROUND
To work around this problem, use one of the following methods.

=== Method 1: Make sure that the &quot;System Objects: Default owner for objects created by members of the Administrators group&quot; security policy.is set to &quot;Administrators group&quot; on any affected Exchange Servers ===

You may verify and change the setting of this security policy by using the Group Policy Object Editor MMC snap-in. To do this, follow these steps:
 * 1) Click Start, click Run, type gpedit.msc, and then click OK.
 * 2) Under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
 * 3) Double-click System Objects: Default owner for objects created by members of the Administrators group.
 * 4) If the policy is set to a value of Object creator, change the value to Administrators group.
 * 5) For the policy to take effect, restart the affected Exchange Servers.

Note If the policy is not available, and then it is being configured through a Group Policy Object in Active Directory. In this case you will have to make the change on the Group Policy Object itself.

Method 2: Move the mailbox from a computer that is not running Exchange Server
This problem occurs only on a computer that is running Exchange Server. To work around this problem, move the mailbox by using the Exchange Task Wizard on a computer that is not running Exchange Server. To do this, perform a custom installation of Exchange Server 2003 to install the Microsoft Exchange System Management Tools on a computer in your domain.

Method 3: Run the move mailbox operation under the Local System account
Start the Active Directory Users and Computers MMC snap-in or the Exchange System Manager MMC snap-in under the Local System account. To do this, follow these steps: <ol> Schedule a command prompt to start under the Local System account. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type cmd, and then click OK.</li> Type the following command, where  is the time that you want the cmd.exe to start:

at :  /interactive &quot;cmd.exe&quot;

</li> Press ENTER.</li> Type at, and then press ENTER to view the list of scheduled jobs.</li> Type exit, and then press ENTER to quit the command prompt.</li></ol> </li> At the new command prompt that starts when the scheduled task runs, type dsa.msc, and then press ENTER.</li> Start the Exchange Task Wizard to move the user's mailbox.</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Additional query words: XADM

Keywords: kbprb kbtshoot KB886700

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.