Error: 'Could not find Exchange key on target server [HR=0x00000005].' (NETIQKB36670)

  • 7736670
  • 02-Feb-2007
  • 17-Oct-2007


Exchange Migrator 2.x

Error: 'Could not find Exchange key on target server [HR=0x00000005].'

Your migration account does not have remote registry access to the target Exchange server.


To resolve this error, grant the local Administrators group Full Control to the Winreg registry key on the target Exchange server by performing the following steps:

Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Make sure that you backup your Registry prior to making any changes.

  1. Verify the Remote Registry Service is running on the target Exchange server.
  2. Backup the registry of the target Exchange server. For more information, see Microsoft Knowledge Base Article Q256986
  3. Start Regedt32.exe on the target Exchange server.
  4. Expand the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg registry key.
  5. Select Winreg in the key.
  6. On the Security menu, click Permissions.
  7. Verify the Administrators group hasFull Control access to the registry key.
    1. Click Add and select the local Administrators group, if access is not present.
    2. Grant Full Control to the local Administrators group.
  8. Verify the Local Service local account has Read access to the key, if the target Exchange server is installed on Windows 2003 server or later.
    1. Click Add and select Local Service, if itis not present.
    2. Grant Read access to Local Service.
  9. Restarting the target server may be required for the changes to take affect after applying these permissions.

Note:  When granting access to target servers that are either domain controllers or member servers, consider the following:

  • If the target machine is a domain controller, grant Full Control to the local Administrators group of the target domain. 
  • If the target machine is a member server, grant Full Control to the local Administrators group of the target machine.  To add the local Administrators group of a member server, you need to manually type the name of the machine followed by the group name (Target_Server_Name\Administrators), or select the machine name from the Look In drop down box.

For more information, contact Technical Support at


Exchange adds the accounts which have been delegated permissions to the Exchange Organization to the security of the Winreg key with Full Control to 'This key only'. If the access account to Exchange has been delegated permission through a Global Group membership, the account performing the migration will not be allowed access unless the local Administrators group of the machine has permissions to this key, even though the Global Group appears on the permissions of the Winreg key. Granting access to the actual account used for the migration works, if it is granted Full Control to 'This key only' value.


For additional information, please reference the following Microsoft Knowledge Base articles.

Q256986 - Description of the Microsoft Windows registry;EN-US;256986

Q153183 - How to Restrict Access to the Registry from a Remote Computer;en-us;153183

Q315085 - XADM: The Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions;en-us;315085

Additional Information

Formerly known as NETIQKB36670