I V2V'd a Hyper-V guest in production running Exchange 2007 to ESXi 4.1 last night. Today I discovered that while Exchange works, I am not able to add new organizations and mailboxes to it. Been reading a little about the subject, and if I understand it correctly the SID has been changed, and therefore the trust between the AD and the Exchange server has been broken. It's a mystery to me that users are able to use it at all then.
I have no prior experience of setting exchange up, so I'm willing to cross fire in order to get it working without doing a fresh install (using 'setup.exe /M:RecoverServer'?). From what I understand, I have about the following options:
Get the old SID from the old Hyper-V based server and either change the SID on the VMware Exchange 2007, or change the SID for the Exchange server in the AD. People seem to generally think this is a world of trouble, but is it doable? I wouldn't be scared to test it out, I can always revert to snapshots of the virtual machine. Other pros and cons?
Re-install Windows and Exchange using the RecoverServer switch. Benefits would be R2 of Windows 2008, and getting to know Exchange in the process. But I know just a simple replacement of an SSL certificate was a hassle, and apparently we have loads of custom local rules because of the integration with (the now discontinued) DotNetPanel and the hosted Exchange nature. To my knowledge, the DotNetPanel server binaries are no longer available, so it would also require us to fully test and then migrate 15 servers to WebSitePanel in production.
Reattach the mailbox databases to the old exchange 2007, and not being able to move from Hyper V on HP MSA hardware. Leave it be, move on and forget? :)
Throw in the towel and either get Microsoft support, or simply invest (a lot) in hiring a consultant.
Edit: The error message when creating a new mailbox is something like "Address list service failed". Will check the exact message when I arrive at work tomorrow. My apologies for not including it.
Edit 2: It's clearly not because of a change of SID, I will move this to a new post instead as the problem is completely unrelated to (a change of) SID. new thread here
So what are the errors you're actually experiencing, and how have you established that your migration changed the machine SID? I ask this because if it has, this is the first time I have seen this happen (simply moving a VM from one host to another doesn't, or at least shouldn't do this), so my first thoughts would be to look elsewhere for what the real problem actually is.
As for your recovery options:
Changing the SID makes me uncomfortable on an Exchange Server. Even if you can establish that this is the fault and change it back without causing a crash, I'd be unhappy to continue using that server. The other proposed solutions don't fill me with joy either (possibly because I don't understand what 15 dotnetnuke servers have to do with Exchange).
At this point, I'd maybe see if I could add another mailbox role server to the Exchange organisation and then attempt a move mailbox. If that works then all should be gravy. If not then (this may scale badly depending on number of users, but it's "dumb" enough to work pretty much no matter what) consider exporting mailboxes to a PST and then importing to a new mailbox server.
Edit
Just as a point of interest, what happens when you run the Exchange Best Practices Analyser on that server (and if present, another Exchange server in the org)? That might shed some light on what has happened, and if it's a common scenario then Microsoft are pretty good at linking to useful knowledge-base articles directly from the Exchange BPA reports.
Secondly, just a silly point, you have checked all the usual name resolution of DCs is ok, that the time/date/timezone are correct, etc (seriously, time getting out of sync can be a big problem with virtual machine guests, and the time being wrong will make active directory pull a sad face when exchange tries to talk to it).
As others have said, a P2V or V2V migration is not supposed to change the SID of the migrated computer, for the exact reason you're experiencing: it would no longer be a working domain machine after completing the process, and this is not only trouble for Exchange, but for anything running in a domain environment. So, unless someone or something ran Sysprep or NewSID or whatever on the machine, its SID should not have changed at all. Out of curiosity, how was the migration accomplished exactly?
That said, determining if this actually is the source of your problem is fairly easy: just have a look in the computer's event log for Event 5513 from the Netlogon service, as described here: http://support.microsoft.com/kb/150963; or for any other domain-logon-related errors: there should be plenty of them, if the trust relationship between the computer and its domain has actually been broken. If you can't see any, then a changed SID is very likely not your problem.
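The event-log check described in the answer above, as an added example that is not part of the original answer. It assumes PowerShell 2.0 or later in an elevated session on the migrated server; the function name `Get-NetlogonTrustEvidence` and its `-Days` parameter are hypothetical.

```powershell
# Added example, not from the original thread.
# Assumes PowerShell 2.0+ (Get-WinEvent, Test-ComputerSecureChannel), run elevated.
function Get-NetlogonTrustEvidence {
    param([int]$Days = 7)   # hypothetical parameter: how far back to search

    $since  = (Get-Date).AddDays(-$Days)
    $filter = @{ LogName = 'System'; ProviderName = 'NETLOGON'; StartTime = $since }

    # Event 5513 is the ID named in the answer. Errors and warnings from the same
    # source stand in for the "other domain-logon-related errors" it mentions.
    # Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Id -eq 5513 -or (1, 2, 3) -contains $_.Level })

    # One row per event ID: how often it fired and when it last fired.
    $summary = @($events | Group-Object Id | Sort-Object Count -Descending |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count,
                      @{ n = 'Latest'; e = { ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } })

    # Ask the local Netlogon service whether the machine account's secure
    # channel to the domain is currently valid.
    $channelOk    = $null
    $channelError = $null
    try {
        $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        $channelError = $_.Exception.Message
    }

    New-Object PSObject -Property @{
        Since              = $since
        NetlogonEventCount = $events.Count
        Has5513            = [bool]($events | Where-Object { $_.Id -eq 5513 })
        EventSummary       = $summary
        SecureChannelOk    = $channelOk
        SecureChannelError = $channelError
    }
}

$result = Get-NetlogonTrustEvidence -Days 7
$result | Format-List Since, NetlogonEventCount, Has5513, SecureChannelOk, SecureChannelError
$result.EventSummary | Format-Table -AutoSize
```

A result with no Netlogon errors and `SecureChannelOk` set to `True` matches the answer's conclusion that a changed SID is very likely not the problem.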
Sounds like the computer account is screwed up. I wonder what would happen if you stopped Exchange, took the server out of the domain, added it back in and rebooted? Can you put the virtual disk in differencing mode while you test this?