Forum Discussion

AndresMunoz's avatar
12 years ago

Cross Forest email archiving

Hi,

We have a customer with the following EV implementation (see image below)

  • Two Windows Forest, lets call them Forest A and Forest B, with root Domain A and Domain B respectively.
  • There's a two way Forest Trust between the environments.
  • Forest A is an Exchange 2010 Native deployment, Forest B is a Exchange 2010 in 2003 coexistence deployment. BOTH forest share the same SMTP namespace. I don't know the history of it, but the aim is to move all users from Forest B to Forest A
  • Enterprise Vault 10.0.2 is deployed on Forest A, and the VSA is also located on Forest A
  • EV can archive from Forest A without issues, as expected. ALL EV tasks work fine on Forest A

Here's where it it gets interesting. The customer wants to archive from Forest B prior to migration. When we try to do this here's what happens

  • Exchange Provisioning task for Domain B works without problem. This is running under the VSA
  • Exchange archiving task for Domain B start but fail immediately. These are currenly running under the VSA

We have tried to configure an additional account, based on this technote , for it to run

But task still failt to start.

A network trace indicates the server cannot create a profile to connect to the exchange servers on domain b, and that the VSA might not have rights to access the system mailbox (see trace below).

3299 15:17:21.823  [6804] (ArchiveTask) <3836> EV:M {CAgentTask::Initialise:#1307} Opening a MAPI session to verify privileged access to Exchange server [MAILBOXSERVER1] using mailbox [SMTP:EV_MAILBOXSERVER1@SMTP.NAME.ORG]
3300 15:17:21.823  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::GetMapiSessionFromPoolEx} (Entry) Additional MAPILogonEx flags [0x0]
3301 15:17:21.823  [6804] (ArchiveTask) <3836> EV:L {CFaultInjector::Configure} (Entry)
3302 15:17:21.823  [6804] (ArchiveTask) <3836> EV:L CFaultInjector::LoadConfig looking for fault config in C:\Program Files (x86)\Enterprise Vault\ArchiveTask.EXE.fault.
3303 15:17:21.823  [6804] (ArchiveTask) <3836> EV:H {CFaultInjector::Configure:#132} _com_error exception: [The system cannot find the file specified.  (0x80070002)]
3304 15:17:21.823  [6804] (ArchiveTask) <3836> EV:H {CFaultInjector::Configure} (Exit) Status: [The system cannot find the file specified.  (0x80070002)]
3305 15:17:21.823  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CreateMapiSession} (Entry)
3306 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CEVMAPIMutex::AcquireMAPIMutex:#88} Try to acquire profile lock.
3307 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CEVMAPIMutex::AcquireMAPIMutex:#137} Acquired exclusive profile lock.
3308 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CMailboxHelper::CreateProfileAndSessionEx} (Entry)
3309 15:17:21.838  [6804] (ArchiveTask) <3836> EV:M {CMailboxHelper::CreateProfileAndSessionEx:#831} Setting up MAPI profile [VaultMbxAgent-MAILBOXSERVER1-3836-1359951441-0-838-0]
3310 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CMailboxHelper::CreateProfileAndSessionEx:#834} Creating the MAPI profile...
3311 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CMailboxHelper::CreateProfileAndSessionEx:#854} Creating the message service (if it doesn't already exist)...
3312 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CMailboxHelper::CreateProfileAndSessionEx:#868} Getting the message service table (GetMsgServiceTable)...
3313 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {CMailboxHelper::CreateProfileAndSessionEx:#871} Querying the returned message service table...
3314 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt} (Entry)
3315 15:17:21.838  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt:#107} Trying ConfigureMsgService using PR_PROFILE_UNRESOLVED_SERVER [MAILBOXSERVER1], attempt [1] of [5]
3316 15:17:21.869  [6804] (ArchiveTask) <3836> EV:M {ConfigureMsgServiceAttempt:#119} ConfigureMsgService failed: [0x80040115]
3317 15:17:22.384  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt:#82} Using provided Global Catalog Server [DOMAINBDC01.domainB.local]
3318 15:17:22.384  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt:#107} Trying ConfigureMsgService using PR_PROFILE_UNRESOLVED_SERVER [DOMAINBDC01.domainB.local], attempt [2] of [5]
3319 15:17:22.400  [6804] (ArchiveTask) <3836> EV:M {ConfigureMsgServiceAttempt:#119} ConfigureMsgService failed: [0x80040115]
3320 15:17:22.915  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt:#107} Trying ConfigureMsgService using PR_PROFILE_UNRESOLVED_SERVER [MAILBOXSERVER1], attempt [3] of [5]
3321 15:17:22.930  [6804] (ArchiveTask) <3836> EV:M {ConfigureMsgServiceAttempt:#119} ConfigureMsgService failed: [0x80040115]
3322 15:17:23.445  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt:#107} Trying ConfigureMsgService using PR_PROFILE_UNRESOLVED_SERVER [DOMAINBDC01.domainB.local], attempt [4] of [5]
3323 15:17:23.461  [6804] (ArchiveTask) <3836> EV:M {ConfigureMsgServiceAttempt:#119} ConfigureMsgService failed: [0x80040115]
3324 15:17:23.976  [6804] (ArchiveTask) <3836> EV:L {ConfigureMsgServiceAttempt:#107} Trying ConfigureMsgService using PR_PROFILE_UNRESOLVED_SERVER [MAILBOXSERVER1], attempt [5] of [5]
3325 15:17:23.991  [6804] (ArchiveTask) <3836> EV:M {ConfigureMsgServiceAttempt:#119} ConfigureMsgService failed: [0x80040115]
3326 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {ConfigureMsgServiceAttempt} (Exit) Status: [<0x80040115>]
3327 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CMailboxHelper::CreateProfileAndSessionEx:#940} ConfigureMsgServiceAttempt() failed.
3328 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CMailboxHelper::BuildConfigureMsgServiceErrorText:#712} Failed to contact server [SMTP:EV_MAILBOXSERVER1@SMTP.NAME.ORG] due to a network error.
3329 15:17:23.991  [6804] (ArchiveTask) <3836> EV~E Event ID: 3432 One or more errors occurred during the creation of a profile to connect to an Exchange Server. |Targeted Exchange Server: MAILBOXSERVER1 |Mailbox: SMTP:EV_MAILBOXSERVER1@SMTP.NAME.ORG |ConfigureMsgService failed with the following errors: |A network error MAPI_E_NETWORK_ERROR has been reported for the following connection points:|MAILBOXSERVER1|DOMAINBDC01.domainB.local| |
3330 15:17:23.991  [6804] (ArchiveTask) <3836> EV:M {CMailboxHelper::CreateProfileAndSessionEx:#1011} Cleaning up profile [VaultMbxAgent-MAILBOXSERVER1-3836-1359951441-0-838-0] following preceding failure. Profile deletion: [0x0]
3331 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CMailboxHelper::CreateProfileAndSessionEx} (Exit) Status: [<0x80040115>]
3332 15:17:23.991  [6804] (ArchiveTask) <3836> EV:M {CMAPISession::CreateMapiSession:#397} Releasing exclusive profile lock following error [0x80040115]
3333 15:17:23.991  [6804] (ArchiveTask) <3836> EV:M {CEVMAPIMutex::ReleaseMAPIMutex:#147} Releasing exclusive profile lock.
3334 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CMAPISession::CreateMapiSession} (Exit) Status: [<0x80040115>]
3335 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::ClearProfileCache} (Entry)
3336 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession} (Entry)
3337 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession:#114} Releasing managed store (IExchangeManageStore): [False]
3338 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession:#120} Releasing message store (IMsgStore): [False]
3339 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession} (Exit)
3340 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CEVMAPIMutex::AcquireMAPIMutex:#88} Try to acquire profile lock.
3341 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CEVMAPIMutex::AcquireMAPIMutex:#137} Acquired exclusive profile lock.
3342 15:17:23.991  [6804] (ArchiveTask) <3836> EV:M {CEVMAPIMutex::ReleaseMAPIMutex:#147} Releasing exclusive profile lock.
3343 15:17:23.991  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::ClearProfileCache} (Exit)
3344 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CMAPISession::GetMapiSessionFromPoolEx} (Exit) Status: [<0x80040115>]
3345 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CAgentTask::Initialise:#1325} Failed to open privileged MAPI session: [0x80040115]. Aborting agent startup.
3346 15:17:23.991  [6804] (ArchiveTask) <3836> EV:M {IsCurrentUserADomainAdmin:#4541} User is domain admin: [False]
3347 15:17:23.991  [6804] (ArchiveTask) <3836> EV~E Event ID: 3305 The Task 'Exchange Mailbox Archiving Task for MAILBOXSERVER1' failed to log on to Exchange server 'MAILBOXSERVER1' using mailbox 'SMTP:EV_MAILBOXSERVER1@SMTP.NAME.ORG'. Please ensure the mailbox has not been hidden, that the server is running and that the Vault account has sufficient permissions on the server. |
3348 15:17:23.991  [6804] (ArchiveTask) <3836> EV:H {CAgentTask::Initialise} HRXEX fn trace : Error [0x80004005], [.\AgentTask.cpp, lines {1254,1260,1267,1279,1283,1284,1287,1288,1291,1293,1344}, built Sep 12 21:03:49 2012].
3349 15:17:24.007  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::ClearProfileCache} (Entry)
3350 15:17:24.007  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession} (Entry)
3351 15:17:24.007  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession:#114} Releasing managed store (IExchangeManageStore): [False]
3352 15:17:24.007  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession:#120} Releasing message store (IMsgStore): [False]
3353 15:17:24.007  [6804] (ArchiveTask) <3836> EV:L {CMAPISession::CloseMapiSession} (Exit)

We have tried using the VSA, an account in domain A with a linked mailbox on domain B, an account in domain B with a linked mailbox on domain A, and finally with a local account in domain B. We have also configured the exchange throttling policy and exchange permissions accordingly on each test. Error are the same (or similar).

So might question is this. What is the right configuration for this to work. according to the technote mentioned above, the account should be a Domain B account with a linked Mailbox in Domain A, but this does not seem to work.

Is there anything else I should be checking or configuring?

 

  • my best suggestion would be a new VSA created on DomainB so rather than DOMAINA\EVAdmin, create a DOMAINB\EVAdmin give it a mailbox on Exchange 2010 add it as a local admin on the EV Server run the permissions scripts on the DOMAINB's exchange 2010 server targeting DOMAINB\EVAdmin, and the same for the throttling script. Then in the ExchangeServerEntry table, set the ExchangeGCOverride column to be GC://CASServer.DOMAINB.com/ (do not target a GC or DC, target the Exchange 2010 server) Then on the Archiving task set the Log In to be DOMAINB\EVAdmin log in to the ev server, logging in as DOMAINB\EVadmin, create an outlook profile to the system mailbox making sure you can log in with out it asking for credentials after that, try the archiving again
  • my best suggestion would be a new VSA created on DomainB so rather than DOMAINA\EVAdmin, create a DOMAINB\EVAdmin give it a mailbox on Exchange 2010 add it as a local admin on the EV Server run the permissions scripts on the DOMAINB's exchange 2010 server targeting DOMAINB\EVAdmin, and the same for the throttling script. Then in the ExchangeServerEntry table, set the ExchangeGCOverride column to be GC://CASServer.DOMAINB.com/ (do not target a GC or DC, target the Exchange 2010 server) Then on the Archiving task set the Log In to be DOMAINB\EVAdmin log in to the ev server, logging in as DOMAINB\EVadmin, create an outlook profile to the system mailbox making sure you can log in with out it asking for credentials after that, try the archiving again
  • That worked. However, I had to remove the ExchangeGCOverride value, as when it was on it would fail miserably, as shown on the trace below 148 14:23:24.556 [4008] (ArchiveTask) <7036> EV:L {GetExchangeServerValues:#4232} Using GCOverride from [Exchange server] entry [GC://CASSERVER01.domainb.org] 149 14:23:24.556 [4008] (ArchiveTask) <7036> EV:M {FindExchServerDn:#728} Getting search base, DN and version for Exchange server [mailboxSERVER1]. Forcing LDAP: [True]. 150 14:23:24.556 [4008] (ArchiveTask) <7036> EV:L {FindExchServerDn:#784} Forcing LDAP. Using Configuration Naming Context as the search base. 151 14:23:24.556 [4008] (ArchiveTask) <7036> EV:L {GetDomainNamingContexts:#82} Binding using string [GC://CASSERVER01.domainb.org/RootDSE] 152 14:23:25.602 [4008] (ArchiveTask) <7036> EV:H {FindExchServerDn:#862} Error: [0x8007203a] 153 14:23:25.602 [4008] (ArchiveTask) <7036> EV:H {GetExchangeServerValues:#4288} Error [0x8007203a] 154 14:23:25.602 [4008] (ArchiveTask) <7036> EV:H {CAgentTask::Initialise} HRXEX fn trace : Error [0x8007203a], [.\AgentTask.cpp, lines {1254,1260,1267,1279,1283}, built Sep 12 21:03:49 2012]. 155 14:23:25.602 [4008] (ArchiveTask) <7036> EV:H {CAgentTask::Initialise:#1440} Error [0x8007203a] 156 14:23:25.602 [4008] (ArchiveTask) <7036> EV:H {CAgentTask::Initialise} (Exit) HRXEX fn trace : Unexpected fn exit path, returning error [0x8007203a], [.\AgentTask.cpp, lines {1254,1260,1267,1279,1283}, built Sep 12 21:03:49 2012]. 157 14:23:25.602 [4008] (ArchiveTask) <7036> EV:H {CArchiveAgentTask::Initialise} HRXEX fn trace : Error [0x8007203a], [..\AgentsCommon\ArchiveAgentTask.cpp, lines {258,264}, built Sep 12 21:03:48 2012]. 158 14:23:25.602 [4008] (ArchiveTask) <7036> EV:M CArchiveAgentTask::Initialise - Com Result [0x8007203A] But when removing the GC override, this is what we get 227 14:45:04.504 [6760] (ArchiveTask) <1380> EV:L {GetExchangeServerValues:#4221} Using FQDN from [Exchange server] entry [domainb.ORG] 228 14:45:04.504 [6760] (ArchiveTask) <1380> EV:L {GetExchangeServerValues:#4237} Using GCOverride from [organization] entry [GC://DC01.DOMAINB.ORG] 229 14:45:04.504 [6760] (ArchiveTask) <1380> EV:M {FindExchServerDn:#728} Getting search base, DN and version for Exchange server [mailboxSERVER1]. Forcing LDAP: [True]. 230 14:45:04.504 [6760] (ArchiveTask) <1380> EV:L {FindExchServerDn:#784} Forcing LDAP. Using Configuration Naming Context as the search base. 231 14:45:04.504 [6760] (ArchiveTask) <1380> EV:L {GetDomainNamingContexts:#82} Binding using string [GC://DC01.domainb.ORG/RootDSE] 232 14:45:04.520 [6760] (ArchiveTask) <1380> EV:L {FindExchServerDn:#798} Binding to search base [LDAP://DC01.domainb.ORG/CN=Configuration,DC=domainb,DC=ORG]. 233 14:45:04.520 [6760] (ArchiveTask) <1380> EV:L {FindExchServerDn:#810} Executing search for Exchange server [mailboxSERVER1]. 234 14:45:04.520 [6760] (ArchiveTask) <1380> EV:L {FindExchServerDn:#827} Got result from search. 235 14:45:04.738 [6760] (ArchiveTask) <1380> EV:M {FindExchServerDn:#838} Exchange server found. DN (AD attrib 'distinguishedName'): [CN=mailboxSERVER1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CLIENT,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAINB,DC=ORG]. 236 14:45:04.738 [6760] (ArchiveTask) <1380> EV:M {FindExchServerDn:#851} Exchange server found. Version (AD attrib 'serialNumber'): [Version 14.2 (Build 30247.5)]. 237 14:45:04.754 [6760] (ArchiveTask) <1380> EV:M {GetExchangeServerValues:#4282} Exchange server [mailboxSERVER1] DN: [CN=mailboxSERVER1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CLIENT,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAINB,DC=ORG], AD search path: [GC://DC01.DOMAINB.ORG], FQDN: [DOMAINB.ORG]. 238 14:45:04.754 [6760] (ArchiveTask) <1380> EV:L {CExchangeVersion::Load} (Entry) 239 14:45:04.754 [6760] (ArchiveTask) <1380> EV:M {CExchangeVersion::Load}|CExchangeVersion::Load- Exchange Version Description [Version 14.2 (Build 30247.5)]CExchangeVersion::Load - Major:[14] Minor:[2] Build:[30247] 240 14:45:04.754 [6760] (ArchiveTask) <1380> EV:L {CExchangeVersion::Load} (Exit) Status: [Success] Thanks a lot for your help, very much appreciated.
  • huh! good job man!! and thanks for the detailed posts, it really really helps