SOLVED: Export-Mailbox Error -1056749164, MAPI or an unspecified service provider

I use PowerShell to backup or archive mailboxes to PST files at work, and I use the command Export-Mailbox on a client computer to get the items from Exchange 2007. My aliases are in a CSV file so that I can export in batch.

But yesterday I had an unusual error for one of the mailboxes (yes, the big boss mailbox). The exact error, which doesn’t tell much (you can find it in the log here: C:\Program Files\Microsoft\Exchange Server\Logging\MigrationLogs), was this:

MAPI or an unspecified service provider. ID no: 00000000-0000-00000000, error code: -1056749164

After some searching, I figured out it was due to some permissions settings and I was able to get a list of them by running the following PowerShell commandlet: Get-MailboxPermission.

In the list, it was obvious that some “Deny” permissions were taking precedence over the “Allow” permissions. I ran the Remove-MailboxPermission PowerShell commandlet on the mailbox, but the error was still there:

Remove-MailboxPermission -Identity <mailbox user> -User <admin user> -Deny -AccessRights FullAccess -InheritanceType All

Since the “Deny” permissions were inherited, I had to break the inheritance first, and that was a bit more tricky than I thought. Thanks to Jesper Bernie for providing a detailed answer on forum:

  1. Go to the Start menu on your Exchange Server and in “Search Programs and Files” type in “ADSIEdit.msc“.
  2. Click on ADSIEdit.
  3. Choose Action -> Connetc to …
  4. In the Connection point area, click ‘Select a well known Naming Context’ and choose ‘Configuration’ from the Drop Down Menu.
  5. Hit OK
  6. Browse down to Services\Microsoft Exchange\<Name of your Exchange Organization>\Administrative Groups\Exchange Administrative Group (FYDIBOHF23SPDLT)\Servers
    From there you will find your Exchange Servers and below them all of the databases. Since we don’t know where the initial security setting is added, we need to do some investigation.
    What you’ll need to do, is to right click on, let’s say the “Server” object, and choose “Properties”. Go to the “Security” tab and locate the User which permissions you want to modifiy.
    If the check boxes are grayed out it just means that the permission setting is inherited from somewhere above. If so, then hit the “Advanced” button. Luckily ADSIEdit shows you from where by looking in the column “Inherited from”. Go to that location and alter as needed.

Those setting were set when we were still on Exchange 2000 a long time ago and have been carried on to Exchange 2007, but were invisible in the graphical user interface (Exchange Management Console). I can now export to PST successfully.

I hope this helps.

This entry was posted in Exchange, HOWTO, PowerShell and tagged , , , , , , , , , , , , . Bookmark the permalink.

3 Responses to SOLVED: Export-Mailbox Error -1056749164, MAPI or an unspecified service provider

  1. Brett L says:

    Wow, I’ve been racking my brain over this same export-mailbox problem, and this fixed everything! Had inherited Deny permissions for the admin groups everywhere.

    Thanks for writing this up!

  2. Dan says:

    Wow, indeed! Thank you. 2014 and this post is still super helpful. Even as the domain “administrator” the account had inherited Deny permissions… completely resolved, thank you!

    …any idea why those deny permissions would be there? It sounds as if that’s a default. This was Exchange 2007 on Server 2003 r2 Standard by the way.

    Thanks again!!

  3. Mike says:

    Installing Office 2003 fixed this for me as attempting it with Office 2007 continued producing the error.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s