Permission problem when installing E2K7 SP1
Hi all, I tried to install the Exchange 2007 SP1 on a x64 machine, win 2003 R2 with Exchange 2007 already installed. I faced some problems with permissions, which I run away but one I couldn't. After the SP1 setup checks my machine for prerequisites it starts preparing the Organisation. After a minute and a half it fails with the message : "You do not have permissions to read the security descriptor on CN=Deleted Objects,CN=Configuration,DC=businessoft,DC=local." I ran the setup from Remote Desktop, from a console mstsc /console, locally, unattendedly - setup/preparead, finally I rebooted the machine and it again failed with the same message. I am loggind with administrator which is a member of all possible Exchange Groups. Please help.
August 28th, 2008 11:18am

Hi, This issue may have several cause. Please check the below items one by one to find the stick point for this issue. 1. It may caused because the "deleted objects" object does not exist in active directory. Please create a new user in Active Directory and then delete it. After that, please re-run Exchange Setup. 2. Please try to create a new administrator account and then assign the required permissions for Exchange Administrator. 3. Please install the .net framework 2.0 hotfix http://support.microsoft.com/default.aspx?scid=kb;EN-US;926776 4. Please try to delete and re-create the "Deleted folder" container. Please use AD Explorer to find the Deleted folder http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx How to let non-administrators view the Active Directory deleted objects container in Windows Server 2003 and in Windows 2000 Serverhttp://support.microsoft.com/default.aspx?scid=kb;EN-US;892806 Note: Don't try with the dacls.exe from W2k3 with the version of 5.2.3790.1830.Ensure that your ADAM version of dacls says "1.1.3790.2075" Please run the below command: dsacls "CN=Deleted Objects,DC=Contoso,DC=com" /takeownership dsacls "CN=Deleted Objects,DC=Contoso,DC=com" /g CONTOSO\EricLang:LCRP View or Set Permissions on a Directory Object http://technet.microsoft.com/en-us/library/cc816824.aspx Hope it helps. Xiu
Free Windows Admin Tool Kit Click here and download it now
August 29th, 2008 10:37am

Hi Xiu-Zhang, THANK U VERY MUCH that is what I needed: dsacls "CN=Deleted Objects,DC=Contoso,DC=com" /takeownership
August 29th, 2008 3:37pm

Glad to hear it works now. Regards, Xiu
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2008 5:08am

Hi, I have the same exact problem with the installation of Exchange Server 2007 SP1 on a 64bit Windows Server 2008 machine. The system is currently an DC for a tiny domain of about 10 computers. I do understand that it is suggested that Exchange not be installed on a DC, however, in such a small network, resourcews are very limited and I am not even able to setup a virtual machine using the Hyper-V. This is why the DC will have to be the exchange server as well. I have tried all of the suggestions mentioned in this forumand almost any other workaround, including changing the drive letter to E (as suggested in some forums, although I do not understand how this should make a difference!!!), but the setup still fails saying that the permission to view the Deleted Objects in the Configuration does not exist. I am able to see the contents of the Deleted Objects container using the Directory Explorer, although the icon is grayed out. Does this have to do anything with my problem? I am currently trying to install the Exchange Server from an account withAdministrator / Domain Admin / Eterprise Admin privillages. Does anyone have any other suggestions? Please help... This is truly been the most painful and annoying installation process in the history of installations!
September 22nd, 2008 3:10am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics