Error moving mailboxes?

So you’re cleaning out a storage group, and there are a bunch of mailboxes that you don’t seem to be able to move?

If you check the Eventlog, do you find these events?

The MAPI call ‘OpenMsgStore’ failed with the following error:
The information store could not be opened.
The MAPI provider failed.
MAPI 1.0
ID no: 8004011d-0289-00000000

For more information, click http://www.microsoft.com/contentredirect.asp.

Failed to open mailbox ‘/o=CONTOSO/ou=First Administrative Group/cn=Recipients/cn=JohnDoe’ in mailbox store ‘/o=CONTOSO/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=ContosoMailServer/cn=Microsoft Private MDB81234567’ on server ‘ContosoMailServer’.
Error: The information store could not be opened.
The MAPI provider failed.
MAPI 1.0
ID no: 8004011d-0289-00000000

For more information, click http://www.microsoft.com/contentredirect.asp.

Quickly check if these users are not disabled.  Mailboxes with disabled users as associated account cannot be moved.  The workarounds are to enable the user accounts – which is not that desireable for your company’s Security staff – or assign SELF as the associated account.

More info at Microsoft.

Windows clients forget their domain after you reset their snapshot?

Ever run into a problem where you revert a domain member server or Windows XP domain client toa previously taken snapshot, and when trying to log on the domain, the logon fails?

I did in 2007, and never really thought of it until I ran into the following article 1006764 on the VMWare knowledge base.

The cause is very simple, and so is the solution: Member servers and clients have, just like users, accounts with passwords. If set up like this, these passwords are reset every set period. If you revert a machine back to an old snapshot, chances are that the password stored in the snapshot is not up to date with the password stored in Active Directory, and hence, Active Directory does not allow the machine to log on again.

Be mindful of the Current Time

If you ever run into one of those messages “The current time on the computer and the current time on the network are different” when trying to log on, you will probably try to log on on the domain controller and try to assess in which amount the time got desynchronised in your domain or between domains in your forrest.  As you might know, Active Directory is picky about time, because the Kerberos authentication does not accept timestamps that differ more than 5 minutes between the machine that is trying to host the login and the domain controller.

Continue reading “Be mindful of the Current Time”