Exchange Services - Account
I had the following two problems while i'm installing e2007 beta2.
1.) Install Hub Transport Role:
ERROR: edgetransport (4364) Transport Mail Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
...and Setup fails.
After i've changed the "Log On As" Account from Network Service to Local System for the Transport Service it worked fine.
2.) Install Unified Messaging Role:
ERROR: The main service has no active SES workers available. New incoming sessions will be rejected until a new SES worker has started.
...Setup hang and did not finish.
Also here:
After i've changed the "Log On As" Account from Network Service to Local System for the Speech Engine it worked fine.
Now all Exchange Services run with the Local System Account.
Is this the right way or is it necessary that these Service should run with Network Service?
August 3rd, 2006 9:57pm
Hi,
Have a look at http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/41a34764-c276-49ed-b616-1e14cb0bda09.mspx, which details the services installed by Exchange 2007 Setup, including the security contexts. You don't want to change any of these settings, so if you have deviated from what this list says, you'll want to reconfigure the services back to their original settings.
If, after doing that, you still have problems, please post here and we'll try to get you going.
Thanks!
Free Windows Admin Tool Kit Click here and download it now
August 4th, 2006 8:27pm
Now if i rechanged the context to NetworkService the following Errors occursin Eventlog:
1.) edgetransport (3408) Sender Reputation Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\SenderReputation\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
2.) Watson report about to be sent to dw20.exe for process id: 3408, with parameters: E12, c-RTL-AMD64, 08.00.0605.015, edgetransport, M.E.I.Interop, M.E.I.Interop.MJetInit, M.E.Isam.IsamFileAccessDeniedException, d812, 08.00.0605.014
3.) The following database is in use: QueuingDatabase. The service will be stopped. Exception details: Microsoft.Exchange.Isam.IsamFileAccessDeniedException: Cannot access file, the file is locked or in use (-1032)
at Microsoft.Exchange.Isam.?A0x625b9239.HandleError(Int32 err)
at Microsoft.Exchange.Isam.Interop.MJetInit(MJET_INSTANCE instance)
at Microsoft.Exchange.Transport.Storage.DataSource.InitInstance()
at Microsoft.Exchange.Transport.Storage.DataSource.OpenDatabase()
at Microsoft.Exchange.Transport.Storage.Messaging.Database.AttachInternal(String path, Boolean wipe)
at Microsoft.Exchange.Transport.Storage.Messaging.Database.Attach()
These are the errors i get during installation.
August 4th, 2006 9:34pm
Have you changed any of the default security settings for the file system (e.g., have you changed any NTFS permissions on this system)? If you're not sure, you can use xcacls or cacls to output the NTFS permissions and then compare them with another system.
As an aside, is this the first install of Edge Transport, or were there previous instances of Edge (or other Exchange 2007 server roles) installed?
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2006 7:53pm
Oh Yes. On all servers we set only administrators, backup operators and system for ntfs rights on the system-drive.
the error said that he could not access to C:\Program Files\Microsoft\Exchange Server\TransportRoles\data. Why he need access directly to c?
i think that it should work without that because he had rights to the directory he need.
August 7th, 2006 3:34am
erulez wrote:
Oh Yes. On all servers we set only administrators, backup operators and system for ntfs rights on the system-drive.
the error said that he could not access to C:\Program Files\Microsoft\Exchange Server\TransportRoles\data. Why he need access directly to c?
This is your problem. The account NETWORK SERVICE requires access to some of those directories. By changing the default system permissions, you likely replaced the existing ones, and Network Service got removed.
On my Exchange 2007 server, the account NETWORK SERVICE has been granted all rights *except* Full Control and Modify on the TransportRoles folder (and inheritance is turned on). If you go to the properties of your TransportRoles folder (C:\Program Files\Microsoft\Exchange Server\TransportRoles), is Network Service listed? If not, you need to add it back, and then the services will probably start just fine.
The same thing goes for whatever directory the UM role is complaining about.
Free Windows Admin Tool Kit Click here and download it now
August 7th, 2006 6:17pm
On the dir C:\Program Files\Microsoft\Exchange Server\TransportRoles\data the Network Service has change rights.
Butthe error already occurse if Network Service has no Right to C.
Why must have Network Service access rights directly set to c?
August 9th, 2006 12:56pm
That's not what the error states - the Network Service account should need no access to the root of C:. The error stated that the *volume* was C:\, and that it contained the folder c:\Program Files\Microsoft Exchange Server\TransportRoles\data\Queue - I'llquote the relevant part of your initial post.
An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\
and
edgetransport (3408) Sender Reputation Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\SenderReputation\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
Do you have any file-level antivirus installed on this server? If so, try stopping it during the install.
Further, please check the sub-folders under TransportRoles. The NetworkService account should have *Full Control* of the Data folder and inheritance should be enabled for sub-folders.
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2006 4:26pm
No scanning software installed except forefront.
On "C:\Program Files\Microsoft\Exchange Server\TransportRoles" the "Network Service" has all Rights. Also on all Subfolders.
Additional directly on drive "C:" Network Service has read rights. If i remove only these read right he has then only full rights on "C:\Program Files\Microsoft\Exchange Server\TransportRoles" and the error above occured. If i add the read rights back on c: it works without errors.
Why the "Network Service" needs read rights on c: ?
August 10th, 2006 6:52pm
I also encounter the similar problem while connect to the server, anyone can help ?
1) Watson report about to be sent to dw20.exe for process id: 2220, with parameters: E12, c-RTL-AMD64, 08.00.0605.015, MSExSearch, M.E.S.ExSearch, M.E.S.NativeMethods.SetExchange, System.DllNotFoundException, 3378, 08.00.0605.015
Free Windows Admin Tool Kit Click here and download it now
November 9th, 2006 12:58pm
I had to add Network Service read rights at the root of the referenced drive (D in my case) and the Exchange install directory (D:\Exchange Server) since it did not inherit permissions. Then it worked fine.
October 12th, 2007 8:29pm
To resolve this issue, we had tried everything and nothing had worked.
Then we saw a 5GB .que file in the queue folder under the exchange file directory and alot of .log files.
It was like the transport service was trying to read through this 5GB .que file while trying to start up.
To resolve this we stopped all the exchange services and moved the log and que files outside of the queue folder and start all the exchange services and the transport service will start successfully.
Free Windows Admin Tool Kit Click here and download it now
October 10th, 2008 5:23am
This was exactly the case in Exchange Transport issues. Best bet would be for anyone having issues with transport always shutting down, to create a new folder, and move all the information from the queue folder to the new folder. This usually resolves the issue.
November 11th, 2008 3:28am