I believe I am having permission problems setting up the Interorg
Replication utility.
I am attempting to set up bidirectional Interorg Replication of the
Free/Busy Folders between an Exchange 5.5 (SP4) Org running on a NT 4.0
domain and a Exchange 2000 (SP2) Org running on a
single-domain/tree/forest AD domain. AD domain trusts the NT 4.0
domain, but not the reverse. The Interorg Replication service is
running on a Win2K member server of the AD domain using the Exchange
service account from the NT 4.0 domain. Using the domain trust, I've
granted that account full send as/receive as rights for the public
folder container and the mailbox container. Logged in as the Exchange
5.5 service account on the InterOrg Replication server, I am able use
Outlook 2000 to access the Exchange 5.5 mailbox and the Exchange 2000
mailbox (using two different profiles). I've granted the Exchange 2000
mailbox owner rights to the Schedule+ Free Busy public folder.
Both Interorg Replication log show:
Start Time : Wednesday, July 10, 2002 14:54:45
ERROR: Unable to initialize MAPI interface.
ERROR: Current relication session skipped.
@@STATS 0 0 0 0 0 0 0 0
Stop Time : Wednesday, July 10, 2002 14:54:53
The event log of the InterOrg Replication server shows:
------------------------------------------------------------------------
------
Source: Exchsync
Category: None
Event ID: 116
Mailbox user [Exchange 2K mailbox] does not have enough security to
replicate to server [Exhange 2K server] on session 'Exchange 2K to
Exchange 5.5'.
------------------------------------------------------------------------
------
Source: Exchsync
Category: None
Event ID: 115
Mailbox user [Exchange 2K mailbox] does not have enough security to
replicate to server [Exhange 2K server] on session 'Exchange 5.5 to
Exchange 2K'.
------------------------------------------------------------------------
------
The security event log of the Exchange 2K Server shows:
------------------------------------------------------------------------
------
Source: Security
Category: Object Access
Event ID: 565
User: NT4\NT4ServiceAccount
Object Open:
Object Server: Microsoft Exchange
Object Type: Microsoft Exchange Logon
Object Name: /o=PowerTV/ou=First Administrative
Group/cn=Recipients/cn=exch2Kmailbox
New Handle ID: -
Operation ID: {0,2147434465}
Process ID: 1784
Primary User Name: Exch2KSrv$
Primary Domain: WIN2K
Primary Logon ID: (0x0,0x3E7)
Client User Name: Services
Client Domain: NT4
Client Logon ID: (0x0,0x7FFAB0F6)
Accesses Unknown specific access (bit 8)
Privileges -
Properties:
DELETE
ACCESS_SYS_SEC
MAX_ALLOWED
Unknown specific access (bit 5)
Unknown specific access (bit 7)
Unknown specific access (bit 8)
Unknown specific access (bit 11)
Unknown specific access (bit 14)
Unknown specific access (bit 15)
%{ab721a54-1e2f-11d0-9819-00aa0040529b}
------------------------------------------------------------------------
------
It looks like a permission is missing when accessing the Exchange 2K
mailbox using the NT 4.0 account, but I can do so using Outlook 2000
manually so I'm not certain what the missing permission could be. Any
ideas?
FYI, I tried overriding the service account authenication for the Exch2K
mailbox using the account and domain settings in the Interorg tool, but
I get the same result and it also shows that the service account from
the trusted domain is the account that is failing to get the access
(i.e. the override doesn't work).
Russell Ragar, MCSE+I, CNE, CCNA
Senior Network Engineer
PowerTV, Inc.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
