none
Unable to update Mailbox SD in the DS. Mailbox Guid .... Error Code 0x8004010f (Archive Mailboxes)

    Question

  • On Exchange 2010 RTM, I moved several mailboxes into a new mailbox database on the same server.  Now, every so often, I see Event ID 9554 in the event log.

    I saw two KB articles http://support.microsoft.com/kb/322308 and http://support.microsoft.com/default.aspx/kb/555433/en-us, and they say to make sure inherit security is checked on the user objects.  They are. 

    When I look at the GUID's they all correspond to the ArchiveGuid on the mailboxes.  So it looks like some security item needs to be reset/updated.  What's the correct way to do this; what should the default security settings be on the archive box?  Disconnecting/reconnecting the archive didn't help.
    Wednesday, November 11, 2009 2:11 AM

All replies

  • Sorry, have to ask.... did you run through the /prepareAD, /preparealldomains  with setup? Did the Exchange setup logs show any failures?
    Brian Day: MCSA 2000/2003, CCNA, MCTS: Microsoft Exchange Server 2010 Configuration, Overall Exchange/AD Geek.
    Wednesday, November 11, 2009 2:36 AM
  • Yes, and no failures.  I didn't see this warning either with the RC or RTM until I created a new Mailbox Database and moved all mailboxes over to the new database.
    Wednesday, November 11, 2009 2:48 AM
  • Any update on this?  I'm still seeing warnings in the log every 30 min, one per Archive box.
    Monday, November 16, 2009 10:52 PM
  • Still nothing on this?  I'm still getting it even with UR1.  I guess I'll have to open a ticket with PSS then.
    Thursday, December 17, 2009 12:29 PM
  • Still seeing this....any updates...anything?
    Sunday, February 14, 2010 8:19 PM
  • I can confirm this is also happening our several of our exchange servers.

    Typical permissions look good, default mailbox is operational, just seems to be associated to the archive mailbox.

    Anyone with updates on this one?

    Friday, March 19, 2010 6:13 AM
  • We're also having the same issue on mailboxes moved locally to different databases as well as to other servers with different DAGs.
    I can't find any information on the issue, i'm assuming there are few who have actually run into this yet.

    Anyone with any suggestions?

    Friday, March 19, 2010 6:16 AM
  • Microsoft has confirmed they will be releasing upgrades in SP1 which allow archive and host mailbox to be stored in separate databases. Although that will fix this issue indirectly, it still doesn't isolate the cause when moving a mailbox with attached archive as it states in the docs the archive follows.

    Saturday, March 27, 2010 8:00 PM
  • Try the below Links

    http://support.microsoft.com/kb/322308

    http://support.microsoft.com/kb/555433

    I'm also facing the same problem but trying to resolve with the above Url's, will update the status soon :).


    Hari Bylapudi
    Friday, April 09, 2010 5:08 AM
  • Try the below Links

    http://support.microsoft.com/kb/322308

    http://support.microsoft.com/kb/555433

    http://www.flobee.net/convert-a-mailbox-guid-to-the-user-and-display-name/

    I'm also facing the same problem but trying to resolve with the above Url's.. Strange thing i couldent find a Mailbox or a user account with that GUID, but still receiving the warning.. Hope there's a solution for this!!!!!!!!!!!


    Hari Bylapudi
    Friday, April 09, 2010 5:38 AM
  • We are also having the same problem.

    We moved all mailboxes from one db to another db in the same server and deleted the old db.

    We couldnt find the GUIDs, but they are likely to be the only 2 mailboxes which have arhive mailboxes.

    Started only after the move and just noticed their archive mailboxes are not available now.

    Any advise?

    (The old db was deleted from exchange but db files and logs are still in the disk)

    Thanks

    Deniz

    Wednesday, April 21, 2010 10:51 AM
  • Sorry, noticed that the archive mailboxes are available and accessible.

    Not sure why the exchange server is still logging the 2 warnings

    Unable to update Mailbox SD in the DS. Mailbox Guid: 51773779-b332-4825-926d-efb17c7c49b1. Error Code 0x8004010f

    Unable to update Mailbox SD in the DS. Mailbox Guid: c3b27d37-b17f-47a2-b411-2803ed70c229. Error Code 0x8004010f

    have you found a way to stop these warnings logged or resolve the issue?

    Thanks

    Deniz

    Wednesday, April 21, 2010 10:58 AM
  • Just want to say that we are also getting this error after moving mailboxes to other databases.  I cannot determine if the guids in the errors are archive mailboxes.  Is there a way to confirm this?  I've tried the adfind utility but none of the guids resolve to AD objects.

     

     

     

    Thursday, May 06, 2010 2:45 AM
  • I'm also seeing this issue in my EventLogs... any fix yet?
    Monday, July 26, 2010 7:16 PM
  • In my case this event occours when I add a user to another users mailbox in EMC "Manage Full Access Persmission". Besides this warning, full mailbox access works.

    Tuesday, December 14, 2010 9:40 AM
  • Sounds interesting...

    Can you post the entire error message or this is the entire error message?


    Gulab | Skype: gulab.mallah
    Tuesday, December 14, 2010 9:51 AM
  • Event 9554, MSExchangeIS

    Unable to update Mailbox SD in the DS. Mailbox Guid: 3249fcc8-3e32-4100-bc33-6cad8da4d4b6. Error Code 0x8004010f

    This is just it....

    Tuesday, December 14, 2010 10:03 AM
  • Thanks for the prompt POST,

    To me it seems like a BUG, do you have SP1 running on the server?
    What happens when you create a new mailbox, do you get the same error message or Event ID?

    Try create Test Mailbox Database and let me know if you are able to create it or you are getting error!


    Gulab | Skype: gulab.mallah
    Tuesday, December 14, 2010 10:07 AM
  • Have guys looked at it....i know its for 2003
    http://support.microsoft.com/kb/555433
    Gulab | Skype: gulab.mallah
    Tuesday, December 14, 2010 10:11 AM
  • I am running SP1 with the latest updates. I can create mailboxes without any error or warning.

    The KB555433 says you have to check:

    "Allow inheritable permissions from parent to propagate to this object"

    on the affected user, but it already is set.

    Tuesday, December 14, 2010 10:22 AM
  • This is happening under the following circumstances for me:

    exchange 2010 user native or migrated sending to an exchange 2003 user.

    immediately get an NDR saying "there is a problem with the recipient's mailbox".

    The error above is logged in the exchange 2003 backend server event log. therefore easy corrolation. i think this is related to the 9776 errors with the mapi-x headers.

     

    I also need a solution. any suggestions?

    i will be upping the header size this evening to see if it works

    Tuesday, December 14, 2010 7:16 PM
  • Unable to update Mailbox SD in the DS. Mailbox Guid: a8c3e0fd-92bc-4a1a-b042-705b29dc74f1. Error Code 0x8004010f

    This seems to have happened out of nowhere and not sure yet which mailbox it might be.

    Glad to see I'm not the only one ;)

    I'll see what I can find and post back - Cleint has one exchange server 2007. Theres a FAX MB  that has been in place for at least 6 months that the CSRs use and share to pickup incoming faxes  -thats the only account I know of that relates to some of these posts about full access etc. I've seen here.

    This message just started a few days ago maybe an update applied of the weekend triggered this?? just my thought...

    Thanks in advance.

     

    Wednesday, January 19, 2011 2:38 PM
  • Hi

    When connecting a user on a shared mailbox with archive (exchange 2010 server) , the error message "Unable to update Mailbox SD in the DS" is raised.

    the user can access the shared mailbox and its archive, but can't send mail from the shared mailbox. it is said that user do not have suffisent rights to do this.

     

    any solution/update about this problem ?

    Thanks

    Tuesday, February 08, 2011 10:55 AM
  • Did you ever fix this? we have the same issue?
    Monday, March 21, 2011 9:32 PM
  • Hi,

     

    I know this could be completely irrelevant. I've reconnected a disconnected Mailbox to an existing user on Exchange 2007 and got the same error message.

    In my message on Exchange Management Console, was a part that said the change will not be updated until directory synchronization has occurred.

    I've forced directory replication between my domain controllers and the mailbox and everything was visible and accessible without any problems. Nor did I see the error message again.

    I hope this helps someone, especially if you have multiple domain controllers in your environment.

    Cheers.


    Kobus
    Tuesday, March 22, 2011 5:02 PM
  • Since this thread was not yet marked as solved, I thought I would add my 2 cents:

    Most likely, you're getting these errors as the result of Exchange attempting to add a permission/attribute to a user account that is/was a member of a protected group (i.e., the classic "AdminSDHolder" problem).  Of course the best practice recommendation is not not assign mailboxes to these users in the first place, but usually that advice is a little too late.

    So, here's what I usually do in this situation.  You can download the ADFind utility and identify each user individually OR you can create a custom query in ADUC that will identify these users and all users that have the AdminSDHolder flag set on their account (saves you a few steps).  Here the custom query string:  

    ADUC Query for Affected Users

    (objectcategory=person)(objectclass=user)(admincount=1)

    This just gives you info on who is/might be affected, thus generating the event log entry in Exchange.  If the user account is rightly a member of a protected group, when you reset the adminCount flag and enable inheritance, these settings revert back in 1 hour.  If Exchange doesn't try to update the user account permission or add an object (i.e., adding a mobile phone for activesync, etc.), then you are back to square one.

    You can run the script listed on this MS KB:  http://support.microsoft.com/kb/817433

    Any user who is no longer a member of a protected group will have their account fixed (adminCount=0, inheritance enabled).  Any user is still is a member of a protected group will have their account fixed for 1 hour; initiate any changes or testing within that hour to have them stick.

    • Proposed as answer by adns_jeremy Thursday, May 19, 2011 4:20 PM
    Thursday, May 12, 2011 3:42 PM