Problem with Exchange Install
Hello,
I have 4 domains in my forest.
Domain 1: root domain
Domain 2: NA
Domain 3: EU
Domain 4: AP
Domain 5: SA
I am currently logged into the Schema Master for the Root domain. From this server I can query the DC SRV records (_ldap._tcp.domain.com) for each domain. I can also ping, and log into each of the domain controllers listed using my credentials (Enterprise
Admin). My user account also has been delegated the Exchange Administrator role in the Exchange 2003 Organization.
When I run setup /pl: sa.domain.com I get the following error: Active Directory error 0x8000FFFF occurred while searching for domain controllers in the domain domain5.com: Logon failure: unknown user name or bad password.
At first glance it appears to be an authentication issue. But I can't figure out how to resolve it.
Thanks for the help in advance,-Robert
April 14th, 2011 8:10pm
Please ensure the following are met
To run this command to prepare every domain in the forest, you must be a member of the Enterprise Admins group. To run this command to prepare a specific domain, or if the forest has only one domain, you must be delegated the Exchange Organization Management
role, and you must be a member of the Domain Admins group in the domain that you will prepare.
If you don't specify a domain, the domain in which you run this command must be able to contact all domains in the forest. If the server can't contact a domain that must have legacy Exchange permissions prepared, it prepares the domains that it can contact,
and then returns an error message that it was unable to contact some domains.
You can run this command from any Windows Server 2008 server in the forest.
You must run this command on a computer in the same domain and in the same Active Directory site as the schema master. Setup will make all configuration changes to the schema master to avoid conflicts because of replication latency. For more information,
see
Identify the schema master. After you run this command, you must wait for the permissions to replicate across your Exchange organization before continuing to the next step. If the permissions haven't replicated, the Recipient Update Service on your Exchange 2003 computers could
fail. The amount of time that replication takes depends on your Active Directory site topology.
http://technet.microsoft.com/en-us/library/bb125224.aspx
Free Windows Admin Tool Kit Click here and download it now
April 14th, 2011 8:36pm
To run this command to prepare every domain in the forest, you must be a member of the Enterprise Admins group.
[I have verified this] To run this command to prepare a specific domain, or if the forest has only one domain, you must be delegated the Exchange Organization Management role, and you must be a member of the Domain Admins group in the domain that you will prepare.
[I have verified this] If you don't specify a domain, the domain in which you run this command must be able to contact all domains in the forest. If the server can't contact a domain that must have legacy Exchange permissions prepared, it prepares the domains that it can contact,
and then returns an error message that it was unable to contact some domains.
[I tried to specify the domain as well as not specify. I get the same error]
You can run this command from any Windows Server 2008 server in the forest.
[Running from Windows 2008 R2] You must run this command on a computer in the same domain and in the same Active Directory site as the schema master.
[I have verified this] Setup will make all configuration changes to the schema master to avoid conflicts because of replication latency. For more information, see Identify the schema master.
[I get the logon error before the Schema is updated] After you run this command, you must wait for the permissions to replicate across your Exchange organization before continuing to the next step. If the permissions haven't replicated, the Recipient Update Service on your Exchange 2003 computers could fail.
The amount of time that replication takes depends on your Active Directory site topology.
[I havent been able to get this far, but I can verify that AD replication is working]
-Robert
April 14th, 2011 8:44pm
@Robert - See this.
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/81718363-db32-4337-b8c5-558c416c5f9c/
Sukh
Free Windows Admin Tool Kit Click here and download it now
April 14th, 2011 10:29pm
I tried deleting the profile, and that did not help. Additionally, the command is being executed on the Schema Master, so I am in the correct domain and site.-Robert
April 14th, 2011 11:29pm
@Robert - Do you get any setup.log for the install?
Sukh
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2011 12:48am
I think that this problem is confined to a single Domain Controller.
I had just promoted a new DC to the root domain, and when I try to change domans from ADUC, all but one domain work. When I try to access my SA domain I get the same error: logon failure: bad user name or password. However when I try it again with the same
user credentials from an older (32bit) domain controller, I don't have the same domain issue. The problem I now face is that the DC that doesn't work is my only 64 bit root DC. So it looks like I may be posting a question about this in the AD DS forums.
Thanks for all your help-Robert
April 15th, 2011 7:28pm
Did you tried to run the same command from Domain Controller(2008)?
Try it and post the result Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2011 11:14pm
Yes. The DC we are trying to make this work on is a Windows 2008 R2 server-Robert
April 16th, 2011 12:17am
Hi Robert
When you introduced 2008 R2 domain controllers to the forest, did you then also prepare all child domains for 2008R2 servers?
/MartinExchange is a passion not just a collaboration software.
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2011 9:23pm