Topic Last Modified: 2009-01-22

This topic discusses how to troubleshoot mail flow issues between Microsoft Exchange Server 2007 and Exchange Server 2003 and between Exchange 2007 and Exchange 2000 Server. After you install Exchange 2007 in your Exchange 2003 or Exchange 2000 organization, you may observe the following issues:

Mail does not flow from Exchange 2007 to Exchange 2003 or Exchange 2000. However, e-mail messages can be sent from Exchange 2003 or Exchange 2000 to Exchange 2007.
When you check the queue viewer in Exchange 2007, e-mail messages are stuck in the Unreachable domain queue on the Exchange 2007 side.
When you double-click an e-mail message to view the properties, you receive the following error message: "There is currently no route to the mailbox database."
Outlook clients can log in, but they cannot send or receive mail. Outbound messages remain in the Outbox.
Messages are queued in the MapiDelivery queue on an Exchange 2007 Hub server. The queue is in a Ready state but there are messages stuck in the queue. Additionally, the message status shows the following error:

"430 4.2.0 STOREDRV; mailbox logon failure."
Messages that are sent from an Exchange 2007 mailbox are routed to the Unreachable destination queue on an Exchange 2007 Hub server. Additionally, the message status shows the following error:

"The mailbox recipient does not have a mailbox database."
You cannot authenticate your credentials with the SMTP Service by using BASIC (AUTH LOGIN) or SPA (AUTH GSSAPI)

These issues may occur if one or more of the following conditions are true:

Inheritable permissions have been removed from either the Exchange 2003 or Exchange 2000 server object or from the Exchange 2003 or Exchange 2000 mailbox store object.
The Exchange Servers group does not have appropriate permissions on the Exchange 2003 or Exchange 2000 server object or on the Exchange 2003 or Exchange 2000 mailbox store object.
The Folder Hierarchies container is missing under the administrative group in Exchange 2007. In this scenario, the HomeMDB value is missing for public folders.
The Exchange Servers group is missing permissions on the Exchange server object in Active Directory. Specifically, the explicit Allow permission has been removed from or the Deny permission is inherited for the following rights on the Exchange server object:
- Store Constrained Delegation
- Store Read and Write Access
- Store Read only Access
- Store Transport Access

On the server that hosts the mailbox of the sender, the following event is recorded in the Application log in Event Viewer:

Event ID : 1009

Category : MSExchangeMail

SubmissionSource : MSExchangeMailSubmission

Type : Warning

Machine : Server_Name

Message : The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.

When you use the Microsoft Exchange Troubleshooting Assistant on the Mailbox server to complete a trace using the Store Driver tag and the Transport tag, you receive several error messages. The error messages explain that the Store Driver code in the Transport service cannot log on to the Exchange store by using MAPI. Therefore, the Store Driver cannot pick up the Mail item to put it in the Submission queue. For example, you may see an error message that resembles the following:

StoreDriver, MailSubmissionService, PFD EMS 22427 SubmitMail for mailbox 1d53da12-6722-4986-bc19-da72890329ed at entry 536769

StoreDriver, MapiSubmit, PFD ESD 27547 Processing Rpc SubmitMessage for event Event 536769, mailbox 1d53da12-6722-4986-bc19-da72890329ed, mdb 13d716e1-9ccd-4f44-a47f-993adbf2f7b5

StoreDriver, MapiSubmit, PFD ESD 23451 Submitting event Event 536769, mailbox 1d53da12-6722-4986-bc19-da72890329ed, mdb 13d716e1-9ccd-4f44-a47f-993adbf2f7b5

StoreDriver, MapiSubmit, PFD ESD 17307 Opening mailbox 1d53da12-6722-4986-bc19-da72890329ed on 13d716e1-9ccd-4f44-a47f-993adbf2f7b5,server.contoso.com

000002E6, 2C0067006E0069, StoreDriver, ExceptionHandling, Exception occurred during message Submit : Microsoft.Mapi.MapiExceptionLogonFailed: MapiExceptionLogonFailed: Unable to make connection to the server. (hr=0x80040111, ec=1010)Diagnostic context: ...... Lid: 8600 dwParam: 0x6BA Msg: EEInfo: ProcessID: 4956 Lid: 12696 dwParam: 0x6BA Msg: EEInfo: Generation Time: 2007-02-08 10:32:23:406 Lid: 10648 dwParam: 0x6BA Msg: EEInfo: Generating component: 2 Lid: 14744 dwParam: 0x6BA Msg: EEInfo: Status: 1722 Lid: 9624 dwParam: 0x6BA Msg: EEInfo: Detection location: 390 Lid: 13720 dwParam: 0x6BA Msg: EEInfo: Flags: 0 Lid: 11672 dwParam: 0x6BA Msg: EEInfo: NumberOfParameters: 2 Lid: 8856 dwParam: 0x6BA Msg: EEInfo: prm[0]: Unicode string: server.contoso.com Lid: 8856 dwParam: 0x6BA Msg: EEInfo: prm[1]: Unicode string: MAIL2 Lid: 23065 EcDoConnectEx called [length=188] Lid: 17913 EcDoConnectEx returned [ec=0x3F2][length=56][latency=0] Lid: 23065 EcDoConnectEx called [length=188] Lid: 17913 EcDoConnectEx returned [ec=0x3F2][length=56][latency=0] Lid: 19778 Lid: 27970 StoreEc: 0x3F2 Lid: 17730 Lid: 25922 StoreEc: 0x3F2

at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx)

at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize)

at Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)

at Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, WindowsIdentity windowsIdentityAs, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)

at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)

Resolution

To resolve this issue, use one of the following methods:

Add inheritable permissions to the appropriate mailbox store object, and make sure that the Exchange 2000 Servers group has the appropriate permissions.
Use Active Directory Service Interfaces (ADSI) Edit to create the Folder hierarchies container under the administrative group in Exchange Server 2007.
Grant the explicit Allow permission to the Exchange Servers permissions group on the Exchange server object in Active Directory.

Before You Begin

To perform this procedure, the account you use must be delegated membership in the local Administrators group. For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To add inheritable permissions to the mailbox store object

On the Exchange 2007 server on which the messages are queuing, obtain the latest routingconfig@<time_stamp>.xml file.
Open the file using Notepad, and search for the HomeMdbRouting section.
Verify that there is a listing for the message recipient's mailbox store. Find the appropriate Exchange 2003 server(s).
In the Exchange 2003 Exchange System Manager, locate the properties of the Exchange 2003 server object, open the Security tab, and then make sure the Exchange Servers group has the following permissions:
- Read
- Access Recipient Update Service
- Administrator information store
- Create name properties in the information store
- Exchange Web Services Impersonation
- Exchange Web Services Token Serialization
- Modify public folder replica list
- Open mail send queue
- Read metabase properties
- Send As
- View Information Store status
Click Advance, and then select the Allow inheritable permissions check box.
Repeat steps 4 through 5 for each mailbox store object under this Exchange 2003 server.
Restart the Microsoft Exchange Transport service on the Exchange 2007 server to update routing tables.

To use ADSI Edit to create the Folder hierarchies container

Start ADSI Edit.
Expand the following container:

Configuration [<Your_Domain_Name > ]/CN=Configuration, DC=<Your_Domain_Controller> ,DC=com/CN=Services/CN=Microsoft Exchange/CN=<Your_Organization_Name>,CN=Administrative Groups
Right-click CN=<Your_Administrative_Group_Name>, point to New, and then click Object.
Click msExchPublicFolderTreeContainer in the Select a class list, and then click Next.
In the Value box, type Folder Hierarchies, and then click Next.
Click Finish.
Determine whether the msExchPFOwningPFTree attribute on the public folder store is associated with a public folder tree. To do this follow these steps:
1. In ADSI Edit, expand the following container:
  
  Configuration [<Your_Domain_Name > ]/CN=Configuration, DC=<Your_Domain_Controller>,DC=com/CN=Services/CN=Microsoft Exchange/CN=<Your_Organization_Name>/CN=Administrative Groups/CN=<Your_Administrative_Group_Name>/CN=Servers/CN=<Your_Server_Name>/CN=Information Store/CN=<Your_StorageGroup_Name>.
2. In the right-pane, right-click CN=Public folder store, and then click Properties.
3. In the Attributes list, locate the msExchOwningPFTree attribute. The value provides the location of the public folder tree. If the attribute does not have a value, or the value is incorrect, go to step 8.
4. Expand the container that is identified in the msExchOwningPFTree attribute value.
5. Right-click CN=Public folders, and then click Move.
6. In the Container to move object to dialog box, click Folder hierarchies, and then click OK.
If the public folder store is not associated with a public folder tree, create a new tree. To do this, follow these steps:
1. Right-click CN=Folder Hierarchies, point to New, and then click Object.
2. In the Select a class list, click msExchPFTree, and then click Next.
3. In the Value box, type Public Folders, and then click Next.
4. Click More Attributes.
5. In the Select a property to view list, click msExchPFTreeType, type 1 in the Edit Attribute box, and then click Set.
  
  Important:
  
  The value must be set to 1 to so that Exchange identifies this as a MAPI Tree.
6. Click OK, and then click Finish.
Populate the msExchOwningPFTreeBL attribute object of the public folder stores in the organization. To do this, follow these steps:
1. In ADSI Edit, right-click the public folder tree that you created, and then click Properties.
2. In the Attributes list, click distinguishedName, and then click View.
3. Copy the value in the Value box to the clipboard, and then click Cancel two times.
4. Expand the Storage group container that contains the public folder store for the server, right-click the server and then click Properties.
5. In the Attributes list, click msExchOwningPFTree, and then click Edit.
6. Click Clear, paste the value that you copied to the clipboard in the Value box, and then click OK.
7. Close ADSI Edit, and then restart the Information Store Service.

Important:
The value must be set to 1 to so that Exchange identifies this as a MAPI Tree.

Grant the explicit Allow permission to the Exchange Servers permissions group on the Exchange server object in Active Directory.

Start ADSI Edit.
Expand the Exchange server object.
- If you are running Exchange Server 2007, expand the following container:
  
  CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=<YourDomain>/CN=Administrative Groups\CN=Exchange Administrative Group/CN=Servers
- If you are running Exchange Server 2003, expand the following container:
  
  CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=Administrative Group/CN=First Administrative Group/CN=Servers
In the right pane, right-click the name of the server, and then click Properties.
On the Security tab, click Advanced.
On the Permissions tab, click the Name column header to sort the columns by name.
In the Name column, locate the security settings that start with Exchange Servers.
In the Permission column, locate the following permissions for the Exchange Servers security settings, and determine whether the setting in the Type column is set to Deny:
- Store Constrained Delegation
- Store Read and Write Access
- Store Read only Access
- Store Transport Access
If a permission is set to Deny, click the setting, click Edit, click to select the Allow check box for the permission, and then click OK.
After the permissions identified in step 7 are set to Allow, click OK two times, and then close ADSI Edit.