This article has been archived. It is offered "as is" and will no longer be updated.
In Microsoft Exchange Server 2003, when you try to move a user's mailbox by using the Exchange Task Wizard, the move mailbox operation is not successful. In this scenario, you experience both the following symptoms:
The following events appear in the Application log in Event Viewer:
Event ID 9166
Event Type: Error Event Source: MSExchangeAdmin Event Category: Move Mailbox Event ID: 9166 Date: date Time: time User: N/A Computer: ServerName Description: Failed to log on to the MAPI session on server ServerName Error: Access is denied. For more information, click http://search.support.microsoft.com/search/?adv=1.
Event ID 1008
Event Type: Error Event Source: MSExchangeAdmin Event Category: Move Mailbox Event ID: 1008 Date: date Time: time User: N/A Computer: ServerName Description: Unable to move mailbox mailbox name Error: Access is denied.
Information that is similar to the following appears in the Exchange Task Wizard log file:
Note By default, the Exchange Task Wizard log file is stored in the following location:
C:\Documents and Settings\UserName.DomainName\My Documents\Exchange Task Wizard Logs\ETW14D7.xml
This problem may occur if both the following conditions are true:
You perform the move mailbox operation in a mixed-mode administrative group.
The account that you use to perform the mailbox move operation, or the Exchange 2003 Full Administrator account, is different from the Microsoft Exchange Server 5.5 service account.
This problem is caused by a timing problem. The timing problem may occur if your Exchange Server 2003 computer is busy when you try to move the mailbox. In this scenario, the move mailbox operation may be unsuccessful because the Exchange Full Administrator account may not have sufficient rights on the Global\ExchangeAdminMapiLogon mutual exclusion object (mutex) to perform a MAPI logon.
Typically, many Microsoft Exchange System Attendant service threads use the Global\ExchangeAdminMapiLogon mutex. These threads all run under the Local System account. Therefore, these threads all have sufficient rights to acquire this mutex regardless of the thread that created the mutex. In this scenario, and in a pure Exchange Server 2003 administrative group, the Global\ExchangeAdminMapiLogon mutex is created in the following manner. The following accounts have permissions:
Local Administrator or the Administrators Group
However, in a mixed administrative group, this mutex could be created by one of the mad.exe threads that impersonates the legacy Exchange Server 5.5 service account for free/busy interoperability. When this behavior occurs, the mutex is created in the following manner. The following accounts have permissions:
Exchange Server 5.5 service account
Therefore, in this scenario, your Exchange Full Administrator account may not have sufficient permissions to perform the move mailbox operation.
To work around this problem, use one of the following methods.
Method 1: Make sure that the "System Objects: Default owner for objects created by members of the Administrators group" security policy.is set to "Administrators group" on any affected Exchange Servers
You may verify and change the setting of this security policy by using the Group Policy Object Editor MMC snap-in. To do this, follow these steps:
Click Start, click Run, type gpedit.msc, and then click OK.
Under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
Double-click System Objects: Default owner for objects created by members of the Administrators group.
If the policy is set to a value of Object creator, change the value to Administrators group.
For the policy to take effect, restart the affected Exchange Servers.
Note If the policy is not available, and then it is being configured through a Group Policy Object in Active Directory. In this case you will have to make the change on the Group Policy Object itself.
Method 2: Move the mailbox from a computer that is not running Exchange Server
This problem occurs only on a computer that is running Exchange Server. To work around this problem, move the mailbox by using the Exchange Task Wizard on a computer that is not running Exchange Server. To do this, perform a custom installation of Exchange Server 2003 to install the Microsoft Exchange System Management Tools on a computer in your domain.
Method 3: Run the move mailbox operation under the Local System account
Start the Active Directory Users and Computers MMC snap-in or the Exchange System Manager MMC snap-in under the Local System account. To do this, follow these steps:
Schedule a command prompt to start under the Local System account. To do this, follow these steps:
Click Start, click Run, type cmd, and then click OK.
Type the following command, where time is the time that you want the cmd.exe to start:
at time:PM /interactive "cmd.exe"
Type at, and then press ENTER to view the list of scheduled jobs.
Type exit, and then press ENTER to quit the command prompt.
At the new command prompt that starts when the scheduled task runs, type dsa.msc, and then press ENTER.
Start the Exchange Task Wizard to move the user's mailbox.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.