I was working on an Exchange 2007 to Exchange 2010 project when we ran into trouble creating our first public folder database on an Exchange 2010 server. Mind you, this was just creating the database. We did not even set up replication for this database yet. All mailboxes still resided in Exchange 2007 databases pointing to an Exchange 2007 public folder. Very soon after creating the database we got notified users could no longer send mails to mail enabled public folders. The exact error was this:
554 5.6.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn’t found.
Also browsing of the public folders in Outlook was slow and the application froze/hung. These issues where fixed very fast by getting rid of the still unused public folder database all together. Now we could commence our search for the root cause. The error seemed related to the issue described in Public Folder Replication Fails Due To Empty Legacy Administrative Group which can be found @ http://msexchangeteam.com/archive/2010/05/05/454821.aspx The blog describes this error during replication:
Log Name: Application
Source: MSExchange Store Driver
Event ID: 1020
Level: Error
Description:
The store driver couldn’t deliver the public folder replication message “Hierarchy ([email protected])” because the following error occurred: The Active Directory user wasn’t found.
But apart from replication not working there were other, more severe issues impacting end users who can still all be on Exchange 2007. The hanging of the outlook clients and mail enabled folders no longer being available. Dave Stork blogged about this in http://blogs.dirteam.com/blogs/davestork/archive/2010/03/16/mail-enabled-public-folder-recipient-not-found.aspx
Now the first mentions of the replication issue have been reported back in November 2009 (see http://get-exchange.blogspot.com/2009/11/public-folder-mayhem-exchange-2010.html) but still hasn’t been fixed. For the moment that fix is planned to be included in E2K10 RU5. Currently we’re at RU3, so that might well be august 2010.
The workaround described in above mentioned blog posts works & is effective immediately. Now they described the issue and the fix very well but I’ll add to tips.
Tip 1
“Practical End User Friendly Detection” of this issue can be done using exfolders.exe. You can read more about this tool here: “Exchange, meet ExFolders” (http://msexchangeteam.com/archive/2009/12/04/453399.aspx).The error only occurs when you create a public folder on Exchange 2010 and can be very annoying for the users so I’ll share this tip with you. Download the tool here http://msexchangeteam.com/files/12/attachments/entry453398.aspx and install it on an Exchange 2010 server in the bin directory (follow the readme.txt and don’t forget to merge the .reg file or the tool will crash). Running exfolders.exe and connect against any Exchange 2007 public folder. When you get this error …
—————————
ExFolders
—————————
An error occurred while trying to establish a connection to the Exchange server. Exception: The Active Directory user wasn’t found.
—————————
OK
—————————
… you know you are affected. Deleting the empty Servers containers from ALL legacy Administrative Groups fixes the error. You then can connect successfully to a Exchange 2007 public folder with exfolder.exe. Which is a cool way to test for this issue and if the fix works as you don’t need to create a public folder and possibly hinder you users.
Tip 2
Also note that you need to delete (using ADSIEDIT) every empty servers container out of every legacy Administrative Group, not just or only the one in the “First Administrative Group”. Don’t worry if you renamed that one to something more descriptive, that doesn’t matter at all. All the servers containers in the legacy Administrative Group should be empty I you have no more E2K3 servers left in your exchange organization. Feel free to leave comments on your experiences.
Doing a Exch2010 migration and ran into this issue. Worked awesome! Thanks for the fix!
You’re welcome. Good to know it helped.
Pingback: New Version of ExFolders that is Exchange 2010 SP1 Compatible « Working Hard In IT
Pingback: Exchange 2007 to 2010 migration hassles « Tim Anderson’s ITWriting
Hi,
We’re an organization with a single domain and a single Exchange server and a couple years ago we migrated from 2003 to 2007. Now we’re attempting to migrate from 2007 to 2010, and I wanted to configure public folder replication just as an easy way to get all the items in our public folders over to the new server and its brand new one day old installation of 2010. However, after trying this fix in adsiedit.msc the couple mailboxes I put on the new server for testing can no longer send mail to anybody except other mailboxes on the new server. They can receive mail from anybody (both within the organization and outside the organization), they just can’t send to anyone except those recipients with mailboxes that are also on the new server. It was working fine before this change, so this must have been what caused it. Any ideas what I could do to get it back to the way it was? I tried running some of the setup switches (like /PrepareAD), and when that didn’t work I tried uninstalling and reinstalling Exchange on the new server, but neither of these fixed it. Thank you for any help you can provide!
Hello,
Were the server containers empty? If not that’s a big issue and you’ll need to recreate it, which is tedious. If not make sure you have all receive connectors set up straight. Are mials stuck in the queues? If so, with what error? Take it from there.
Good luck?
Sorry, I figured it out, it was an amateur firewall/port issue and had nothing to do with the change I made for public folder replication (which incidentally now works).
But I certainly appreciate you taking the time to try and help me out despite the fact that technically my problem didn’t actually deal with public folder replication per se. Thanks again!
No problem, I’m glad you found the problem and fixed it. We all make silly mistakes 🙂 I made my fair share.good to hear wasn’t an non empty server container in the admin groups. That can be fixed but it isn’t fun. Take care.
Hi! i’m having this problem too. But I only have one exchange 2010 server (migrated form 2003, to 2007 and last year to 2010). I found that the CN=Server container under CN=First Organization Group is empty. can this be the issue? how can i recreate it?
thanks!!
Julián
Hi, Yes it could very well be. If you don’t have any E2K3 servers left, than it is normal the server container is empty. As a matter of fact it is needed to delete that empty container to make it work. Read the blog post over carefully as well as the Microsoft blog on this issue: http://blogs.technet.com/b/exchange/archive/2010/05/05/3409916.aspx. But don’t delete the admin group(s) Just the empty server container if you’re sure there are no more servers supposed to be in there and that it being empty is normal. These links are also in the blog. Good luck!
Oops! you are right! I deleted the container and it worked!
thanks!
Julián
Good the read your issue is solved. Would you mind sharing what Service Pack and Roll Up you’re at?
This worked Great! Recent conversion from 2003 to 2010 SP1 and was having issues with public folder ownership. Found out about ExFolders but was stymied with this error. Found your blog and fixed it in about 5 minutes.
After finally removing my 2003 server and everything is still working it is funny to have something like this come up. I noticed using ExFolders that in the System Folders there are still several references to the old 2003 administrative group (First Administrative Group).
For example I expand Schedule+Free Busy and there is still both administrative groups (2003 & 2010). The thing that worries me is that under the 2003 group I select Items on the right and there are still things there, a lot!
On the replicas tab there is only my 2010 server listed and everything seems to be working. I guess I’m stuck with them for ever? Thanks for the great info.
I’m happy it helped you out so fast. It’s normal to see legacy objects/names in your organization and they are either benign or needed. Unless they are causing issues or if you’re instructed to do so by MS Support you can safely ignore them.
An Example of this might be that LegacyExchangeDN attribute on mailboxes moved to Exchange Server 2010 from Exchange Server 2003 continues to reference the legacy administrative group. They have some guidance on how to deal with this here for Exchange 2007 http://technet.microsoft.com/en-us/library/bb288905%28EXCHG.80%29.aspx.
What, why and how is not always this clear & relatively easy so the advise is not to try and fix something that is not broken.
Helped my.
Thanks for the great info.
Gido
OMG ! Thanks a lot for this tips !! Solved my problem.
Just Great !
You’re most welcome Julien 🙂
That solved my problem. Thanks!!
Just ran into this with a clean install of e2010 sp1 ru5.
Turned out the e2003 removal was a bit bollixed. Removed the empty server container fixed it.
Hi,
I’m in trouble… I just deleted in ADSI edit all the container (I know, I was under preassure to fix PF replication issues, my mistake) not only servers object. In Exfolder I can see public folders, but in exchange is all empty.
Please, anyone can help?
Chris,
You’ll need to recover from that. Either with an AD restore by recreating the container with objects & correct settings/security, depending on what you mean with “the container”. I suggest you get in touch with Microsoft support as soon as you can if you feel this is a bit more than you’re comfortable dealing with. The’ll help you achieve this.
Good luck!
Hi, we have a mixed environment of exchange 2003/2007/2010 servers. This error pops up everytime we try and view Free/Busy info for users on the 2003 Exchange servers. Any suggestions will be mostly appreciated!!
Is public folder replictaion working as it should? If not check this article again to see if you’re afffected by this.
Great work! This is the type of information that should be shared around the internet. Disgrace on the seek engines for now not positioning this publish upper! Come on over and consult with my website . Thanks =)
I have the exact same problem – but having issues with what to look for in adsiedit.
Would appreciate a pointer to what exaclty to look for in AdsiEdit.
Hello look at the picture in the blog. In adsiedit you need to go here:
CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,
DC=MyCompnay,DC=XX to find the emptycontainer(s) => MyCompany & XX are naturally to be substituted by your own names/values
Cheer
How long after deleting CN=Servers should I expect to see the data migrate over?
You should make sure AD has replicated, depending on the toplogy and configuration that can differ a bit but default within a AD site you should be good to go after about 5 minutes. To make sure you can always trigger replictaion manually.
Hope this helps
Dam, that’s what I read after posting. I’ve forced and am not getting any love at this point.
You wouldn’t happen to know where to look for any logs? I’m not getting anything in the queues or Event Log aside from this and hour ago:
Log Name: Application
Source: MSExchangeIS Public Store
Date: 4/4/2012 1:48:18 AM
Event ID: 3091
Task Category: Replication Errors
Level: Warning
Keywords: Classic
User: N/A
Computer: exch2010.domain.com
Description:
Error 0x8004010f occurred while processing an incoming replication message.
Folder: (5-B7E89FB9C1) Adrienne
I’d take a look here, especially the comment left by a reader https://blog.workinghardinit.work/2010/11/04/exchange-2010-public-folder-worries-at-customer-no-existing-publicfolderproxyinformation-matches-the-following-identity/
They finally came over. Here is what I think happened:
Before I removed the CN=Servers setting I had tried to manage the replication from my 2010 box but it wouldn’t let me set the new server as a replication partner. So I did so on the 2007 box, not connecting to the 2007 from the 2010 box. Then I found the issue with CN=Servers and deleted it, but never went back and connected to 2007 from 2010. This morning I connected from my 2010 box to 2007 and reset the replication schedule. Once I flipped back over to 2010 I could see all the folders.
Excellent. I’m glad to hear it worked out and I hope the information you found here was useful.
ok so maybe I”m a bit old school but I still have that lingering fear of deleting anything in the old admin container as we were warned stearnly by MS not to do that back in the 2007 days. I have 2008 R2 Ad dumpster enabled… does anyone know if configuration data in AD is recoverable using the AD dumpster so I don’t have to use a authoritative restore if this breaks something?
It is save to do, if you are in this exact situation. You can contact Microsoft Support if you desire confirmation. To my knowledge (but I have been know to be wrong at times), no, you’ll need to recreate them if you delete them or the wrong ones, which can be tedious or restore a backup.
Hi,
excellent Tip!
Thank you
If you have a “CN=System Policies” at the same level as other legacy Administrative Groups you also need to delete an empty Server CNs in that CN too. It wasn’t clear to us right away if “System Policies” empty server containers matter but they did and it fixed our issues once we deleted it (in addition to the “First Administrative Group” empty CN
Had done a migration from Ex2003 to Ex2010. The uninstall of the Ex2003 failed and had to do it manually. Had left the (empty) servers container behind and public folders were unusable. Deleted and all OK. Thanks for the fix!
You’re welcome & thanks for reading.
Great post. And really helpful tip on using ExFolders to confirm the issue and easily test the fix. We had this issue appear months after removing a legacy Exchange server. Posting to a public folder was causing the sender to get an NDR. Nothing has changed on our Exchange environment for months so don’t know why it is happening now. We are in the middle of a veeam backup of Exchange, which is taking a while, so may have something to do with it? Anyway, all fixed now. Thanks again.
You’re most welcome and thank your for reading!
Thank you sir.