Exchange 2007: MSExchangeIS 9646

Had a user who couldn’t log on to his Exchange 2007 mailbox.  He was getting this message:

“Unable to open your default e-mail folders. You must connect to your Microsoft Exchange Server computer with the current profile before you can synchronize your folders with your offline profile”

Essa done some digging and found this: http://www.davidunderwood.org/2007/10/02/Exchange2007WithOutlook2003ClientUnableToOpenDefaultEMailFolders.aspx

If you receive the error “Unable to open your default e-mail folders. You must connect to your Microsoft Exchange Server computer with the current profile before you can syncronize your folders with your offline profile” which persists across multiple computers with the same user then the user has attempted to connect too many times to the mail store and locked their store. Restarting the information store for Exchange 2007 corrected the issue. 

The Application eventlog on the server reported:

Event Type:    Error
Event Source:    MSExchangeIS
Event Category:    General
Event ID:    9646
Date:        13/11/2007
Time:        15:09:08
User:        N/A
Computer:    GBRPSMMSWM01NB
Description:
Mapi session “/o=MyOrg/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=” exceeded the maximum of 32 objects of type “session”.

The fix is a bit drastic!  A KB exists: 925815: An Exchange 2007 server stops responding to a MAPI client and logs event ID 9646 in the Application log
http://support.microsoft.com/?kbid=925815

 

 

New-PublicFolderDatabase = Access is denied

Humm, so I tried to create a public folder store to on a server and got:

Summary: 2 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:01

New PUB01-PUB03
Failed

Error:
Active Directory operation failed on dc00003.mydom.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:
new-publicfolderdatabase -StorageGroup ‘CN=SG02-PUB03,CN=InformationStore,CN=PUB03,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=BarWealth,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=gbl,DC=barwealth,DC=net’ -Name ‘PUB01-PUB03’ -EdbFilePath ‘F:SG02SG02-DBPUB01-PUB03.edb’

Elapsed Time: 00:00:01

 

Turns out that if you delegate a group as server administrator they get an explicit deny on the server object for Create and Delete Public Information Store Objects.  Suppose it does make sense as a Public Folder is an org wide thing .. but hey, every day is a school day