Troubleshoot the data migration service

There are 2 types of issues you might see when using the data migration service—blocking and non-blocking.

Expand all  |  Collapse all

Blocking issues

Blocking issues prevent the migration of user accounts. They usually occur if you specify an incorrect username or password when you set up migrations from IMAP environments. Or, you might get them if your Microsoft Exchange administrator account lacks certain privileges.

How to fix blocking issues

Migrating from an EWS environment (Exchange 2007 & later)

If you encounter problems when migrating from a Microsoft Exchange Web Services (EWS) environment, verify:

Step 1: Servers can reach and recognize EWS

Select the Synchronization, Notification, Availability, and Automatic Replies option on the Exchange Server tab in the Microsoft Remote Connectivity Analyzer tool to verify that servers can reach and, through the Autodiscover service, recognize EWS.

Step 2: The logs show the data migration service can communicate with Exchange

Check the Exchange server Internet Information Services (IIS) logs for the SyncFolderItems call with response code 200.

Step 3: AD Conditional Access policies

Check whether you’re using Conditional Access policies on your Microsoft Active Directory. If so, turn off the policies and try migrating again. For more information, consult your Microsoft documentation.

Step 4: Exchange impersonation

For more information, consult your Microsoft documentation on how to set up Exchange impersonation.

Step 5: TLS certificates

Verify your TLS certificates are signed and valid. For details, go to Set up your TLS certificate.

Step 6: Exchange user account

Verify the Exchange user account is a valid account and the mailbox is turned on. Also, check that the Exchange mailbox isn't corrupt.

Step 7: Migration client ID

Verify that the following service account client ID appears in the list of clients that have access to mail and migration APIs:

955661971872-ie97v0ns6ndb19rbr9nlpkahpmfk9ugf.apps.googleusercontent.com

To check the client ID:

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu ""and then"" Securityand thenAccess and data controland thenAPI controls.
  3. Click Manage Domain Wide Delegation.

    The client ID should be listed under API clients.

  4. If the client ID is not listed, click Add new and enter 955661971872-ie97v0ns6ndb19rbr9nlpkahpmfk9ugf.apps.googleusercontent.com.
  5. For OAuth scopes, copy and paste the following comma-delimited list of scopes:

    https://mail.google.com/,
    https://www.googleapis.com/auth/email.migration,
    https://www.googleapis.com/auth/gmail.insert,
    https://www.googleapis.com/auth/gmail.labels

  6. Click Authorize.
  7. Point to the new client ID, click View details, and make sure every scope is listed.

    If a scope is not listed, click Edit, enter the missing scope, and click Authorize. You can't edit the client ID.

Step 8: The relevant Google service

Check that you turned on the target Google service (Gmail, Contacts, or Calendar). For details, go to Turn a service on or off for Google Workspace users.

Step 9: The super administrator

Check that a super administrator is assigned to the Google Workspace domain.

Step 10: Server gets connections from Google mail servers

For details, go to Google IP address ranges for outbound mail servers.

Migrating from IMAP, Gmail, or a Google Workspace account

Blocking issues when migrating from an IMAP server, Gmail, or a Google Workspace account might indicate an obstacle accessing the mailbox. Try to access the mailbox using an IMAP email client such as Mozilla Thunderbird, Apple Mail, or Microsoft Outlook. Doing so ensures the mailbox has IMAP access and that you have the correct username and password.

If you still have issues, confirm:

Step 1: Migration client ID

Verify the following service account client ID appears in the list of clients that have access to mail and migration APIs:

955661971872-ie97v0ns6ndb19rbr9nlpkahpmfk9ugf.apps.googleusercontent.com

To check the client ID:

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu ""and then"" Securityand thenAccess and data controland thenAPI controls.
  3. Click Manage Domain Wide Delegation.

    The client ID should be listed under API clients.

  4. If the client ID is not listed, click Add new and enter 955661971872-ie97v0ns6ndb19rbr9nlpkahpmfk9ugf.apps.googleusercontent.com.
  5. For OAuth scopes, copy and paste the following comma-delimited list of scopes:

    https://mail.google.com/,
    https://www.googleapis.com/auth/email.migration,
    https://www.googleapis.com/auth/gmail.insert,
    https://www.googleapis.com/auth/gmail.labels

  6. Click Authorize.
  7. Point to the new client ID, click View details, and make sure every scope is listed.

    If a scope is not listed, click Edit, enter the missing scope, and click Authorize. You can't edit the client ID.

Step 2: The relevant Google service is turned on

Check that you turned on the target Google service (Gmail, Contacts, or Calendar). For details, go to Turn a service on or off for Google Workspace users.

Step 3: A super administrator is assigned

Check that a super administrator is assigned to the Google Workspace domain.

Step 4: Your server gets connections from Google mail servers

For details, go to Google IP address ranges for outbound mail servers.

Non-blocking issues

Non-blocking issues prevent some, but not all, messages from migrating. You might have message-level errors (where a single message hasn't migrated correctly) or folder-level errors (where an entire folder hasn't migrated).

How to fix non-blocking issues

If non-blocking issues or errors occur, request a domain migration and item error report. For details on migration reports, go to Monitoring a data move.

Then, try troubleshooting non-blocking issues.

Troubleshoot missing messages

Step 1: Check your setup steps

If you have a blocking issue, check that you completed the steps to Prepare your source account.

Then, try the migration again. If the problem persists, use the blocking issues steps above to troubleshoot.

Step 2: Check for the email header

If some email messages seem to disappear after a migration, perform the following search to make sure the email isn't mislabeled:

  1. Get the Message-ID of the email from the legacy account. The Message-ID of an email is found in the message header. For details, go to Trace an email with its full headers.
  2. Search for the Message-ID header in the new account using the rfc822msgid: Gmail search operator. For details, go to Search operators you can use with Gmail.

Step 3: Additional checks

If you still can't find the email, perform the following checks:

Troubleshoot missing email folders

If you have an email folder missing after a migration, contact your source email service provider for help with resolving the issue with the folder.

If the issue can’t be resolved, you could delete the folder and run the migration again. Any email messages contained within the folder are also deleted, however.

Related topics


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
73010
false
false