08-08-2014 09:51 AM
IEMSTest - OpenMsgStore() for this profile failed (8004011d) - Exchange 2013
Here's the situation.
We have two new Exchange 2013 server (CAS array) on Windows 2012R2. Mailboxes have just been migrated from Exchange 2010.
We want to deploy a BlackBerry Entreprise Server for those users on Windows 2008R2sp1. We will have integration with Lync 2013 too.
No BES before.
I have read the BES for Exchange Installation and Configuration Guide. This one is not for Exchange 2013 but ...
I have read the KB33406.
MAPI/CDO 1.2.1 (v6.5.8320) installed.
As per KB02276, permissions given :
- BES service account is created (no Domain Admin rights) and has a mailbox on Exchnage 2013. Let's call it BESADMIN.
- BES service account is member of the Administrators local group of BES server and has logon, run as a service rights.
- Send As permissison has been given to this service account from ADUC at the domain level and for Descendant User objects.
- Besadmin has role "View-Only Organization Management".
- This user has Exchange permissions Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible on all mailbox datastores.
- A new Throttling Policy has been created with RCAMaxConcurrency=Unlimited and EWSMaxConcurrency=Unlimited.
Set "Ignore No PF" registry key to 1.
Set RPCHTTPProxyMap_BES to *=https://mail.domain.com
HomeMTA attribut populated.
Now, as I understand, at this point and before I install BES, I can verify if this account has necessary rights on mailboxes. Am I right ?
So, I run IEMSTest.exe (from Bundle 0160).
Entering server name (ExchangeGUID) and user account, seems to be ok.
Result : OpenMsgStore() for this profile failed (8004011d)
A new Throttling policy has been recreated and applied to this account. Same result.
I have read other posts similar but haven't found what can causes this.
What I have missed ?
Thanks for your support.
08-11-2014 02:27 PM
Ive been having the same joy you had.
First hurdle was getting MAPI to pickup the guid, ntlm,ntlm,true at the end of the RPCHTTPProxyMap_BES fixed that (thanks to your earlier post) then ive been trying to sort the 0x8004011d error.
I have one Exchange 2013 CU5 server but has setup the CAS. In the RPCHTTPProxyMap_BES ive been using https://cas.domain.local,ntlm,ntlm,true and IEMSTest was failing with the 0x8004011d error, change to https://servername.domain.local,ntlm,ntlm,true and IEMSTest worked, restarted the controller service and no errors. Restarted the server and will check my BB tomorrow. (Think i had already installed the Cert for servername.domain.local as well.)
All my traittool settings are set to cas.domain.local
08-12-2014 04:02 AM
Thanks a lot for your reply.
I have a wildcard cert (*.domain.com) in the Trusted Root Certificate store.
I tried with RPCHTTPProxyMap_BES : *=https://mail.domain.com,ntlm,ntlm,true
I tried with RPCHTTPProxyMap_BES : *=https://mail.domain.local
Result : Network problems are preventing connection to the Microsoft Exchange Server / Name could not be resolved
I tried with RPCHTTPProxyMap_BES : *=https://mail.domain.local,ntlm,ntlm,true
and with RPCHTTPProxyMap_BES : domain.com=https://mail.domain.com,ntlm,ntlm,true;domain.loca
Still have 0x8004011d error
But, I do not have a certificate for mail.domain.local. Maybe, I have to look at it.
For the Exchange Server Name, I use <guid>@domain.local
Am I right to say that IEMSTest should pass before I install BES ?
08-12-2014 04:13 AM - edited 08-12-2014 04:14 AM
I found i needed the ntlm,ntlm,true before it would accept the GUID.
If you still get certificate errors for the ews/exchange.asmx and owa try adding to trusted sites and adding the certifcate.
From what i can see its as if that error wasn't permission based it was simply the RPC not pointing at the right place although Outlook uses the CAS as the Proxy and the internalhostname from the RPC guide (task1, step4) was cas.beaumont.ckl.local.
I installed BES without passing IEMSTest.
Did you install the update files for BES Express? Not sure if that affects IEMStest.
I'm also on the 6.5.8320.0 CDO.
08-19-2014 10:15 AM
No more problem with the certificate. No need to install update as it is not an Express edition.
Finally, it seems that I was using the wrong server name.
I was using <exchangeguid>@domain.local in the profile.
Since we moved from Exchange 2010 to Exchange 2013, I must use <exchangeguid>@domain.com.
The same thing for the DNS name. In our configuration, the name mail.domain.local is not valid anymore and should not be used.
Task 6 of KB33413, pushed me in error. UPN for BES account is still with @domain.local, but the server name should be @domain.com.
Maybe, this internal name and the UPN part that are not the same are specific to our Exchange configuration.
So, now, I can view all mailboxes.
Thanks to have passed some time on this.