Article ID: 911144 - View products that this article applies to.
When Microsoft Operations Manager (MOM) 2005 is used together with the Exchange Management Pack for Microsoft Exchange Server 2003, MOM 2005 uses a MAPI logon script to verify the status of the MAPI services that are provided by Exchange Server 2003. When the MAPI logon verification script cannot log on to the designated mailboxes, the script may generate one of the following errors in MOM 2005:
To verify that the mailbox store is mounted and that Microsoft Outlook users can successfully log on, the Exchange Management Pack runs the MAPI logon verification script. In this script, the Mailbox Access account credentials are used to actually log on and open the mailbox of the test mailbox. This mailbox is typically named as follows:
Server_NameMOMThe mail flow verification scripts also use MAPI logon to send and receive messages.
If the Mailbox Access account does not have the correct user rights, or if it cannot log on to the test mailboxes because of other causes, it generates MAPI logon errors. This article describes the probable causes of these errors. Additionally, this article describes the steps that you must take to troubleshoot the different types of errors that you may receive.
You can view the MAPI logon script error messages in the Operator Console of MOM 2005 by using one of the following views:
The "General troubleshooting steps" section lists the general steps that you must perform to troubleshoot the issue. Additionally, other sections list steps that you must perform to troubleshoot the issue, depending on the phrase that you see in the error message. However, if the steps that you perform in a particular section do not resolve the issue, you must perform the steps in the other sections. Sometimes multiple causes can exist for the same error. For more information about MAPI error codes, click the following article number to view the article in the Microsoft Knowledge Base:
The information store could not be opened. [MAPI 1.0 - [MAPI_E_LOGON_FAILED(80040111)]]
This event was generated by the script: "Exchange 2003 - MAPI logon verification"
Additional diagnosis on the problem can't be performed because: This event was generated by the script: "Exchange 2003 - MAPI logon verification"
(https://support.microsoft.com/kb/238119/ )List of Extended MAPI numeric result codes
General troubleshooting stepsDetermine the Mailbox Access account that is used by the MAPI verification script to log on to the Exchange server. To do this, look in Exchange System Manager in the Logons section under the Mailbox Store folder. You should see the test mailbox and verify that the Microsoft Windows account that was used to log on was the Mailbox Access account.
Next, determine whether the issue is specific to a particular Exchange server or if the issue applies to all Exchange servers. If you receive MAPI logon verification script problems that generate event ID 9981 (general MAPI logon failure) or event ID 9016 (generated by the MailFlow sender script), verify that the Mailbox Access account has full mailbox rights on the mailbox that is used for the MAPI logon test. To do this, follow these steps:
If you cannot open the test mailbox, make sure that none of the mailboxes that MOM uses (Mailbox Access account and test mailboxes) are hidden. Also, determine whether the accounts were created manually, were created by using the Exchange Management Pack Configuration Wizard, or were created by using provisioning software. This will help narrow the reasons for the issue with the accounts or test mailboxes.
Error: MAPI_E_NOT_FOUNDTo resolve this issue, verify the value for the following registry entry:
This is the location where temporary MAPI logon profiles are created. This value should be configured as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\ProfileDirectory
%systemroot%\temp\exmppdTypically, the profile directory would be C:\temp\exmppd. For more information about MAPI profile files, click the following article number to view the article in the Microsoft Knowledge Base:
166599Verify that the Mailbox Access account, not the test mailbox for the server, has read and write permissions to the C:\temp\exmppd directory. The best way to do this is to log on to the server as the Mailbox Access account and then verify that you can create a test file in this directory.
(https://support.microsoft.com/kb/166599/ )XWEB: MMP files Created by MAPI and CDO
The Mailbox Access account must have local logon rights on each Exchange server. These rights are required for the MAPI logon and mail flow tests. The Exchange Management Pack Configuration Wizard automatically grants the necessary rights.
Error: MAPI_E_NOT_INITIALIZEDTypically, this error is related to file versions on the Exchange server. To verify file conflicts, follow these steps:
Error: MAPI_E_LOGON_FAILED(80040111)Inherited "Deny" permissions cause the MAPI logon verification test to fail. If the Mailbox Access account is included in a group that has "Send As" and "Receive As" permissions that are configured as "Deny" at the organization level, the Mailbox Access account cannot log on to the Exchange server. To verify and correct this issue, follow these steps.
Step 1: Verify that you can see the mailbox in Exchange System Manager
Step 2: Verify user rights in Exchange System Manager
Step 3: Make sure that the Mailbox Access account is not included in a group that has organization-level "Deny" permissionsIf the group that includes the Mailbox Access account has "Deny" permissions configured for the "Send as" or the "Receive as" user right at the organization level, the Mailbox Access account cannot log on to the Exchange server. If the Mailbox Access account is configured as an administrative account that is included in groups that are restricted at the organization level, you must use an ordinary account that is not included in these default groups. For example, you can use an ordinary domain user account that has the "Log on locally" user right for the Mailbox Access account. To correct this problem, follow these steps:
Error: Event ID 9983 – "Cannot Impersonate Mailbox Access Account"If you receive this event, the credentials that you supplied when you ran the Exchange Management Pack Configuration Wizard or the ExchangeMOMSetCredentialUtility.exe were incorrect. Run the Exchange Management Pack Configuration Wizard or the ExchangeMOMSetCredentialUtility.exe again by using the correct credentials. This event may also indicate that the Mailbox Access account may not have permission to log on locally to the Exchange server. Verify that the Mailbox Access account is listed as having the "Allow log on locally" user right in the Local Security Policy or in the Domain Controller Security Policy if the server is a domain controller.
Note The ExchangeMOMSetCredentialUtility tool is included with Microsoft Operations Manager 2000. The Exchange Server 2003 Management Pack for Microsoft Operations Manager 2000 Service Pack 1 (SP1) and later Management Packs do not include this tool. Instead, the Exchange Management Pack Configuration Wizard is used together with these products. You can use the Exchange Server 2003 Management Pack Configuration Wizard to perform the functions that you performed by using the ExchangeMOMSetCredentialUtility tool.
Error: MAPI_E_AMBIGUOUS_RECIPYou receive this error if the mailbox logon script does not run. This error occurs when the Mailbox Access account display name and the samAccountName attribute in Active Directory are different. To resolve this issue, follow these steps:
Intermittent MAPI logon failuresActive Directory problems can cause intermittent failure of the MAPI logon verification script. MAPI logon fails if it cannot access a domain controller or if the domain controller does not respond in a timely manner.
Log MOM errorsYou can log MOM errors to a log file by configuring a registry entry on the Exchange server. To do this, follow these steps:
Article ID: 911144 - Last Review: October 25, 2007 - Revision: 1.4