We have a unity 3.14/exchange 2k/AD in one box running prefectly.
we want to do a unity database and exchange message database restore test.
Here is what we did and the problem we had:
1. Installed a new unity server in a totally seperate Lan. It's also a GC and Ex2k, same name, same domain, same exchange orgnization and site name.
2. We used disasterrecovery to restore the Unity database. We test that unity database is fully retored.
3. We use MSbackup utility restore message store. It looks restore is good. But when we look at the Exchange information storage we found every user has two mailboxes, one is diabled (a red cross on it))with mails, the other one is enabled but with no 0 mails. The consequnce of this is subscriber has no any old mail when they access their mailbox from phone. It's obivious that restored mailbox is not the one for that subscriber.
I think exchange restore doesn't find the user match the mailbox, that's why it created a second mailbox in the information store.
How can we solve this problem? I guess there is something wrong in our test precess.
One of the reasons I elected to use ExMerge for my message backup and restore functionality added to DiRT was for this very scenario - the built in backup that comes with Windows (build on a dumbed-down BackupExec engine) is not overly bright about how it handles existing mailboxes already there - it expects that it's creating mailboxes that don't already exist and if they're already there it behaves badly - I'm sure there are ways to clean this up but I'm not familiar with them.
the ICS guys tried to go this route as well and ran into many of the same problems - they ended up standardizing on DiRT as their backup and restore mechanism and using ExMerge built into it - it's not as fast a backup and the file sizes are bigger but it works more reliably - for their smaller systems that they target this worked out reasonalby well.
If you want to go this route I'd suggest trying to restore the Exchange mailboxes _first_ and then doing the DiRT restore of the Unity information after you've made sure the mailboxes are all working properly- DiRT is smart enough to handle attaching to already existing messages and/or creating them as new if necessary.
DiRT includes the SidHistory table in UnityDB's database in SQL - this contains a mapping between domain account SIDs and a local object Id of a subscriber for purposes of accessing the SA/AA/SM web pages for those accounts - it does not add any SID history info to the accounts in the directory if that's what you're asking...
We tried this way based our conversation: restored message store first and then restore unity with dirt utility, but we are still seeing two mailboxes. We'll try exmerge later.
I have a feeling that I may have to install my test server as a DC into customer AVVID prodiction and get all the AD accouts then take this server back into lab, then install unity , restore unity, blah, blah. My theory is that AD users and mailboxes that generated by dirt restore utility somehow doesn't have the same SID history ,or whatever, as those mailboxes which are restored by NTbackup, that's why they have duplicate mailboxes in the information store? So I think if I can have a replicated AD users from production, it'll be OK. What do you think?
No, your theory of the SID history doesn't hold water here...
The DiRT restore process I've explained several times out here but the short story here is it'll look for existing users by directory ID, RDN and then mail alias - SID History doesn't even come into play at all here - I suspect the restore of your mailboxes was not flying right before you ran the DiRT restore - this is why I wanted to you top at that point and make sure everything was cool _before_ running the DiRT restore - make sure all the AD accounts are there and the mailstores are OK and there's no redundant accounts etc...
If the mailboxes and AD accounts are correctly restored, DiRT will bind to them by alias and it should work fine.
Here is the further question:
How can we get the AD accounts? Restore exchange mailbox seems doesn't generate AD. That's why I am thinking we may need install this test server as a DC into production and get AD accounts replicated from production, then take this server down and restore Exchange?Does this sound good? Thanks.
We tried to use Dirt and exmerge today, no mailbox was restored, here is what I did:
1. Ran dirt to backup unity(inculding mail)
2. Installed a fresh unity server in the lab
3. Ran dirt(latest version) to restore both SQL and message
4. At the end of restore, I got one error message which is: error: cmbrestoreroutine:permission denied (I am surely use the same account as production service/install account)
5. Then I cheked the unity and it is fully restored. No problem at all.
6. But no mail at all(mailbox is in database because of dirt .(PST definetely already backed up when ran dirt on production)
7. I tried to run exmerge seperately after this, still no mail
Jeff, do you think I have to restore AD first before I ran dirt?Btw,I totally understand the way Dirt works. How can I restore AD if in this case: side by side restore and Unity is a DC in production? What does that error mean?
I'd have to see the log to know what the error is but the most likely issue here is the send as/receive as rights needed by ExMerge to restore those messages was not on all the mailstores for the account you were running with - I see this often. The fact that running ExMerge by itself also didn't work seems to bear that out. The ExMerge logs themselves would probably have more details.
I gave the account full control under the mailbox store of exchange system admin. Is this same as send as/receive as? If it's not, where can I configure that? Thanks.
Again, without seeing the exmerge logs themselves I'm just guessing - DiRT does some basic checks to see if the account you're logged in as has SA/RA rights on the mailstores when you select to restore messages but if you have multiple stores it's possible to run into trouble still.
The one way to be sure is to create a new account that's a member of only the local admins group and the Exchange Domain Servers group and nothing else - then try running ExMerge by itself to see if you can restore the messages - if that doesn't work I don't know what else to suggest without seeing the ExMerge logs - either way, this is well outside the scope of DiRT itself - you need to figure out why ExMErge is failing to run here. More often than not it's related to rights on the mailstore... I've see a _lot_ of these problems that are resolved by creating the account as described as above.
Jeff, to simplify your troubleshooting, I just used exmerge to import one user for test. Here is the exmerge log. Thanks
Microsoft Exchange Mailbox Merge Program, v4.00.021
Start Logging:February 15, 2003 16:44:35
[16:44:35] Logging Level: Minimum
[16:44:35] The log file specified in the .INI file (D:\Feb13 backup\ExMerge.log) is invalid or inaccessible. Using this default log file instead.
[16:44:35] Reading settings from file 'C:\Program Files\Exchsrvr\BIN\EXMERGE.INI'.
[16:44:35] Accessing Domain Controller 'UNITY'
[16:44:35] 'UNITY' is running Exchange Server 2000 or later
[16:44:35] Destination server read from settings file is 'UNITY'.
[16:44:35] Reading list of subjects for messages to be selected from file ''
[16:44:35] Reading list of attachment names for messages to be selected from file ''
[16:44:35] List of folders to be processed has been read. 0 folders in the list.
[16:44:35] Current machine locale ID is 0x409
[16:44:35] Command line received:
[16:44:35] Processor architecture: Intel
[16:44:35] Operating System Version 5.0 (Build 2195)
[16:44:39] Accessing Domain Controller 'UNITY'
[16:44:39] 'UNITY' is running Exchange Server 2000 or later
[16:44:39] Searching the Active Directory for mailboxes homed on the following databases:
[16:44:39] CN=Mailbox Store (UNITY),CN=First Storage Group,CN=InformationStore,CN=UNITY,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=unity,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mcap-unity,DC=com
[16:44:39] Getting user information from Global Catalog server 'unity.mcap-unity.com'.
[16:44:39] Found 241 mailboxes, in the Active Directory, homed on the specified databases.
[16:44:40] Successfully initialized MAPI.
[16:44:40] MAPI Logon successful.
[16:44:40] Getting list of mailboxes on the server.
[16:44:41] Number of mailbox records read: 79. (CMapiSession::GetMailboxesOnServerFromPrivateIS)
[16:44:41] Finished getting list of mailboxes.
[16:45:04] Using attribute 'PR_MESSAGE_DELIVERY_TIME' for date operations.
[16:45:04] Merging data into target store. The program will copy only those messages that do not exist in the target store.
[16:45:04] Associated folder data will NOT be copied to the target store.
[16:45:04] Using 'English (US)' (0x409) as the default locale (Code page 1252)
[16:45:04] All mailboxes will be processed, regardless of locale
[16:45:04] Program will use 1 worker threads
[16:45:04] Initializing worker thread (Thread0)
[16:45:04] Using locale 0x409 and code page 1252 to connect to mailbox
[16:45:04] Merging data from file 'C:\TEMP\IMAGE\FEB13 BACKUP\MESSAGES\STEVEYANO.PST' to mailbox 'SteveYano' ('STEVEYANO') on server 'UNITY'.
[16:45:04] Successfully initialized MAPI.
[16:45:04] Error configuring message service (MSPST MS) (UNKNOWN ERROR) (CMapiSession::CreateEMSPSTProfile)
[16:45:04] Errors encountered. Copy process aborted for mailbox 'SteveYano' ('STEVEYANO').
[16:45:04] Number of items copied from the source store for all mailboxes processed: 0
[16:45:04] Total number of folders processed in the source store: 0
[16:45:04] 0 mailboxes successfully processed. 1 mailboxes were not successfully processed. 0 non-fatal errors encountered.
[16:45:04] Process completion time: 00:00:00
Well... I don't know what that "Unknonwn Error" would be there configuring the message service - haven't seen that one (it's not the same error you'd get with a permissions issue) - Can you open the mailbox of any of these users with Outlook? Are you sure those accounts have properly functioning mailstores associated with them?
Beyond that I'm not sure what to suggest beyond contacting Microsoft...
I logged on to unity domain using this test account Steveyano. I did get an error message saying that" you don't have permission to access the pst file" when I wanted to add this pst file (backed up from production using dirt)into this account's outlook profile.But I checked that group "everyone" has the permission to this pst file. I even added Steveyano to have the permission to this file manually. Still same error message. What's the suggestion?