Error synchronizing message 'OBA Settings' after installing HF1 / SP1

This was an interesting issue I encountered when troubleshooting a Duet 1.0 client after installing HF1 (the update from the following article):

928954    Description of the Duet for Microsoft Office and SAP hotfix package: December 3, 2006
https://support.microsoft.com/default.aspx?scid=kb;EN-US;928954

Symptoms:

------------------------------------------

After installing Duet HF1, deployment fails and clients become "secondary" Duet clients. We also saw an error message created in Outlook’s "Sync Issues\Local Failures" folder with information similar to the following:

Error synchronizing message 'OBA Settings'

                [80070005-508-0-1380]

                You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator

                Microsoft Exchange Server Information Store

 

Analysis:

-------------------------------------------

This synchronization error means we did not have permission to synchronize an item from Outlook’s offline cached store to the online Exchange Server store.

We identified that this failure is specific to attempting to create a custom field (a named property) in the Exchange store.  One of the key changes in Duet 1.0 HF1 is a change in how the Primary Machine IDs are handled. It adds a new field, called PrimaryMachineIDV2, to Duet’s "OBA Settings" message, which is stored in the hidden "OBAControlMessages" folder in the user's mailbox. After a successful install of HF1, the OBA Settings message should contain both a PrimaryMachineID field and a PrimaryMachineIDV2 field. However, because of the failure, we only saw the original PrimaryMachineID property on the "OBA Settings" message in the OBAControlMessages folder. If we looked at the "OBA Settings" message that ended up in the "Sync Issues\Local Failures" folder, we could see both custom properties.

NOTE: The tool MAPI Editor can be used to see the fields on the OBAControlMessages folder.

Based on this information we were able to find a repro that didn't involve Duet. We did this by adding a custom field to a simple test item following these steps:

1. Open an existing test message from your inbox.

2. Enter design mode (Tools -> Forms -> Design This Form)

3. Select the "All Fields" page of the form.

4. Click the "New…"  button, provide a name for the new field, and click OK.

5. Type some text into the "Value" column for the new field.

6. Close and save the item.

If Outlook is in Online Mode (instead of cached mode) we will immediately get the error: "The Operation Failed" when trying to save the item. In cached mode we will get the error mentioned above in the "Sync Issues\Local Failures" folder.
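
The same repro can be scripted through the Outlook object model. This is an added example, not part of the original troubleshooting; it assumes Outlook is installed with a profile for the affected mailbox, saves a new draft rather than editing an inbox message, and the field name, subject and wait time are hypothetical values chosen for the test.

```powershell
# Added example: scripted version of the manual repro (not from the original post).
# Assumes Outlook is installed with a MAPI profile for the affected mailbox.
$olMailItem            = 0     # OlItemType.olMailItem
$olText                = 1     # OlUserPropertyType.olText
$olFolderLocalFailures = 21    # OlDefaultFolders.olFolderLocalFailures
$olOnline              = 800   # OlExchangeConnectionMode.olOnline

$outlook = New-Object -ComObject Outlook.Application
$session = $outlook.GetNamespace('MAPI')

# Use a never-before-seen field name so the store has to create a new
# named property instead of reusing one it has already mapped.
$fieldName = 'NamedPropTest_' + [guid]::NewGuid().ToString('N')   # hypothetical name
$subject   = "Named property test $fieldName"

$item = $outlook.CreateItem($olMailItem)    # new draft instead of an inbox message
$item.Subject = $subject
$field = $item.UserProperties.Add($fieldName, $olText)
$field.Value = 'test value'

try {
    $item.Save()
}
catch {
    # Online mode: the save itself fails ("The Operation Failed").
    Write-Warning "Save failed: $($_.Exception.Message)"
    return
}

if ($session.ExchangeConnectionMode -eq $olOnline) {
    Write-Output 'Saved in online mode: named property creation is permitted.'
    return
}

# Cached mode: the local save succeeds; a permission failure only shows up
# once the item is synchronized to the server.
Start-Sleep -Seconds 120    # assumed to be long enough for a sync pass
$failures = $session.GetDefaultFolder($olFolderLocalFailures)
$hit = @($failures.Items | Where-Object { $_.Subject -eq $subject })
if ($hit.Count -gt 0) {
    Write-Warning 'Item landed in Sync Issues\Local Failures: check the named property permission.'
} else {
    Write-Output 'No local failure recorded for the test item.'
}
```

Delete the test draft afterwards; running the script again generates a fresh field name, so each run exercises named property creation.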

This behavior is what we expect if a Deny permission has been set for the ability to "Create named properties in the information store" on the Exchange Server.  By default the "Everyone" group should be allowed to "Create named properties in the information store" at the Organizational level and this is required both for Outlook and applications like Duet to function properly.

Resolution:

-----------------------------------------------

In this case, no Deny was set, but we found that inheritance of the "Create named properties in the information store" permission had been broken just below the Organizational level.

At the bottom of the "Security" dialog we removed the check from the option labeled "Apply these permissions to objects and/or containers within this container only". This setting was blocking the required inheritance and once that was removed and the information store was restarted, the problem was resolved.

Here are the steps to remove the setting:

1. To check the permission at the Organization level we needed to enable the following registry key, which will display the "Security" tab on all Exchange objects:

                HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin

                ShowSecurityPage: 0x1    (REG_DWORD)

                This is documented in: 259221 - XADM: Security Tab Not Available on All Objects in System Manager

2. Right-click on the Organization object in Exchange System Manager and choose "Properties"

3. Select the "Security" tab.

4. Click on the "Advanced…" button.

5. Sort by the "Name" column.

6. Find the entries for "Everyone" and select the Permission labeled "Create named properties in the information store".

7. Click the "Edit" button.

8. Make sure the following checkbox at the bottom is not checked: "Apply these permissions to objects and/or containers within this container only"

9. After making the change, restart the Exchange information store service if you wish to refresh the permissions immediately.