Topic Last Modified: 2009-01-22

This topic discusses how to troubleshoot mail flow issues between Microsoft Exchange Server 2007 and Exchange Server 2003 and between Exchange 2007 and Exchange 2000 Server. After you install Exchange 2007 in your Exchange 2003 or Exchange 2000 organization, you may observe the following issues:

These issues may occur if one or more of the following conditions are true:


To resolve this issue, use one of the following methods:

  • Add inheritable permissions to the appropriate mailbox store object, and make sure that the Exchange 2000 Servers group has the appropriate permissions.

  • Use Active Directory Service Interfaces (ADSI) Edit to create the Folder hierarchies container under the administrative group in Exchange Server 2007.

  • Grant the explicit Allow permission to the Exchange Servers permissions group on the Exchange server object in Active Directory.

Before You Begin

To perform this procedure, the account you use must be delegated membership in the local Administrators group. For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.


To add inheritable permissions to the mailbox store object

  1. On the Exchange 2007 server on which the messages are queuing, obtain the latest routingconfig@<time_stamp>.xml file.

  2. Open the file using Notepad, and search for the HomeMdbRouting section.

  3. Verify that there is a listing for the message recipient's mailbox store. Find the appropriate Exchange 2003 server(s).

  4. In the Exchange 2003 Exchange System Manager, locate the properties of the Exchange 2003 server object, open the Security tab, and then make sure the Exchange Servers group has the following permissions:

    • Read

    • Access Recipient Update Service

    • Administrator information store

    • Create name properties in the information store

    • Exchange Web Services Impersonation

    • Exchange Web Services Token Serialization

    • Modify public folder replica list

    • Open mail send queue

    • Read metabase properties

    • Send As

    • View Information Store status

  5. Click Advance, and then select the Allow inheritable permissions check box.

  6. Repeat steps 4 through 5 for each mailbox store object under this Exchange 2003 server.

  7. Restart the Microsoft Exchange Transport service on the Exchange 2007 server to update routing tables.

To use ADSI Edit to create the Folder hierarchies container

  1. Start ADSI Edit.

  2. Expand the following container:

    Configuration [<Your_Domain_Name > ]/CN=Configuration, DC=<Your_Domain_Controller> ,DC=com/CN=Services/CN=Microsoft Exchange/CN=<Your_Organization_Name>,CN=Administrative Groups

  3. Right-click CN=<Your_Administrative_Group_Name>, point to New, and then click Object.

  4. Click msExchPublicFolderTreeContainer in the Select a class list, and then click Next.

  5. In the Value box, type Folder Hierarchies, and then click Next.

  6. Click Finish.

  7. Determine whether the msExchPFOwningPFTree attribute on the public folder store is associated with a public folder tree. To do this follow these steps:

    1. In ADSI Edit, expand the following container:

      Configuration [<Your_Domain_Name > ]/CN=Configuration, DC=<Your_Domain_Controller>,DC=com/CN=Services/CN=Microsoft Exchange/CN=<Your_Organization_Name>/CN=Administrative Groups/CN=<Your_Administrative_Group_Name>/CN=Servers/CN=<Your_Server_Name>/CN=Information Store/CN=<Your_StorageGroup_Name>.

    2. In the right-pane, right-click CN=Public folder store, and then click Properties.

    3. In the Attributes list, locate the msExchOwningPFTree attribute. The value provides the location of the public folder tree. If the attribute does not have a value, or the value is incorrect, go to step 8.

    4. Expand the container that is identified in the msExchOwningPFTree attribute value.

    5. Right-click CN=Public folders, and then click Move.

    6. In the Container to move object to dialog box, click Folder hierarchies, and then click OK.

  8. If the public folder store is not associated with a public folder tree, create a new tree. To do this, follow these steps:

    1. Right-click CN=Folder Hierarchies, point to New, and then click Object.

    2. In the Select a class list, click msExchPFTree, and then click Next.

    3. In the Value box, type Public Folders, and then click Next.

    4. Click More Attributes.

    5. In the Select a property to view list, click msExchPFTreeType, type 1 in the Edit Attribute box, and then click Set.

      The value must be set to 1 to so that Exchange identifies this as a MAPI Tree.
    6. Click OK, and then click Finish.

  9. Populate the msExchOwningPFTreeBL attribute object of the public folder stores in the organization. To do this, follow these steps:

    1. In ADSI Edit, right-click the public folder tree that you created, and then click Properties.

    2. In the Attributes list, click distinguishedName, and then click View.

    3. Copy the value in the Value box to the clipboard, and then click Cancel two times.

    4. Expand the Storage group container that contains the public folder store for the server, right-click the server and then click Properties.

    5. In the Attributes list, click msExchOwningPFTree, and then click Edit.

    6. Click Clear, paste the value that you copied to the clipboard in the Value box, and then click OK.

    7. Close ADSI Edit, and then restart the Information Store Service.

Grant the explicit Allow permission to the Exchange Servers permissions group on the Exchange server object in Active Directory.

  1. Start ADSI Edit.

  2. Expand the Exchange server object.

    • If you are running Exchange Server 2007, expand the following container:

      CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=<YourDomain>/CN=Administrative Groups\CN=Exchange Administrative Group/CN=Servers

    • If you are running Exchange Server 2003, expand the following container:

      CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=Administrative Group/CN=First Administrative Group/CN=Servers

  3. In the right pane, right-click the name of the server, and then click Properties.

  4. On the Security tab, click Advanced.

  5. On the Permissions tab, click the Name column header to sort the columns by name.

  6. In the Name column, locate the security settings that start with Exchange Servers.

  7. In the Permission column, locate the following permissions for the Exchange Servers security settings, and determine whether the setting in the Type column is set to Deny:

    • Store Constrained Delegation

    • Store Read and Write Access

    • Store Read only Access

    • Store Transport Access

  8. If a permission is set to Deny, click the setting, click Edit, click to select the Allow check box for the permission, and then click OK.

  9. After the permissions identified in step 7 are set to Allow, click OK two times, and then close ADSI Edit.