ISSUE: The account does not have permission to impersonate the requested user

Last modified:

Overview

During the Mail Archive Migration Synchronization step, the error below is seen when reviewing the Onboarding Progress > Archive progress Page. 

"The account does not have permission to impersonate the requested user"


Image 145


Cause

There are a few causes for this error:

1. When the mailbox we are trying to migrate EV data for is still on-prem.  In order to process data in this scenario, the "Application Impersonation" role must be assigned to Exchange Admin account used for migration and a SQL update is required. 


2. For some reason, mid-way through the data migration, the issue has presented itself due to the isO365Archive value in SQL showing as 'Null".  In this case, the value needs to be updated to a 1.  See script below. 

Solution

1. Assign the "Application Impersonation" role to Exchange admin account using the following powershell command:


New-ManagementRoleAssignment –Name:CFApplicationImpersonation –Role:ApplicationImpersonation –User: <exchange onprem admin account>


The following query is also required:  update mailboxes set isO365Archive=1 where userprincipalname = 'user@mydomain.com'


2. If the target is an O365 mailbox, confirm the mailbox has been successfully migrated.  If yes, rerun the Exchange Endpoint synchronization to update this information in the EVComplete database and then select the user on the Archive Progress page and click "Reset Mailbox level error".  



    Is this article helpful for you?
    Issue: 'Message Conversion Error' during Mail Archive migration synchronization
    HOW TO: Deal with BadItemLimits
    Customer support portal powered by UserEcho