Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

unable to run "setup /forestprep" during exchange 2003 install.  permissions error encountered.

Posted on 2007-10-08
14
Medium Priority
?
694 Views
Last Modified: 2012-06-27
I'm bringing up a brand new network for one of my clients.  I built a brand new server, installed windows 2003 and then promoted it to a DC.  Everything went fine until I tried to install exchange.

(I'm aware of the pitfalls associated with installing exchange on a DC.  Unfortunately, they are a necessary evil in this situation)

setup /forestprep returns the following error:

The component "Microsoft Exchange Forest Preparation" cannot be assigned
the action "ForestPrep" because:
 - Either you do not have permission to update the Active
Directory schema or Active Directory service is currently too busy.

I'm aware of the Knowledge base article KB274196 which identifies the "remote registry service" as the culprit.  My server has this service running correctly and my Exchange setup log does not contain the same errors listed in that KB article.

Here is a copy of my exchange install log: http://pastebin.ca/730149

Here is a copy of netdiag's output:  http://pastebin.ca/730151

Here is a copy of dcdiag's output: http://pastebin.ca/730152 

Any assistance would be appreciated.

Cheers,

-Zander
0
Comment
Question by:NWHS
13 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20037673
Make sure that the account you are using is a member of the schema administrators group.
0
 

Author Comment

by:NWHS
ID: 20037697
I am doing this as the Domain Administrator who is a schema administrator by default.  I double checked just in case the permission had been removed.  Everything is fine.
0
 

Author Comment

by:NWHS
ID: 20037713
Sorry, I think that was a little vague.  I mean to say that there were no problems with the domain administrator's permissions.  The overall problem persists.

-Zander
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:redseatechnologies
ID: 20037746
It wasn't that vague.

Anyway, there are a few things here.  First, I would reboot, then try setup again - I know, I know, amazingly scientific.  

Second, assuming that does no good, I would make the Domain admin account you are using, a member of the local administrators group (it is a long shot, I know, and it shouldn't matter as it is already in there with domain admins, but humour me - then reboot and try again).

Third, how many servers?  Is this Exchange server the first DC?  If not, find out which one is, find out if it is the Schema Master FSMO role holder, and then run forestprep on that one.

Finally, you could also have a look at this, but it is another long shot -> http://support.microsoft.com/kb/326262

-red
0
 

Author Comment

by:NWHS
ID: 20037812
Hey Red,

I've already tried the reboot trick twice.  I love the magic of rebooting.  Unfortunately, no dice this time.

So far as I'm aware, a system that has been promoted to a DC no longer has a "local administrators" group.  I hunted around for one just in case but there's nothing like that in AD, and the "users and groups" item has been removed from the computer management tree.

This is the only server in the domain (the only computer at all for that matter) so it is the Schema master.

I had already gone through that article.  I even made that change to the registry, even though those errors do not appear in my setup log.  No dice there either.

-Zander
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 20037866
Why is netdiag showing up as windows 2000?  And why have you not updated the server at all (you only have 2 listed hotfixes).
0
 

Author Comment

by:NWHS
ID: 20037868
This seems unrelated but it might be important information.  

This is a rebuild of their previous server which crashed with no backup.  I was able to pull a copy of the ntds.dit file off of the crashed server and attempted to recover it after rebuilding the server with identical settings.

Since I didn't have a system state backup I attempted my recovery using ntdsutil in ds recovery mode.  I simply set the db path to a different directory containing the old ntds.dit file.  Unfortunatly this did not work because no one knew the origional dsrm password.  so I returned the settings to the origional path.  I ran "integrity" which succeeded and then booted the server with no further problems.

0
 

Author Comment

by:NWHS
ID: 20037873
I don't have a clue why netdiag is showing the server as windows 2000.  I thought that was pretty strange too.  I am actually running the sp2 update as I type this.  I'm headed home after that but I'll report back in the morning.

Thanks for all the help so far.  I really appreciate the friendly respect that you capably communicate  in your messages.

-Alex


0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 20037876
Why are you trying to recover anything on what sounds like a clean network install?  What is stopping you from formatting it and starting again?
0
 

Author Comment

by:NWHS
ID: 20042336
Several answers:

There was a pre-existing network here before I came along.  They hired me to re-create their network after a total server failure.  When I walked in the door they had a non-functional DC with two of the 3 raid5 drives in failure mode.  I forced the array back online and was able to copy the ntds.dit file (thats the active directory database) from the degraded array.  

I then started from scratch and built them a fresh server.  The first thing I tried to do was recover their pre-existing AD database so as to not have to rebuild all their accounts from scratch.  I used the ntdsutil method that I mentioned above.  That was unsuccessful because no one remembered the old dsrm password.  So, I proceeded with the fresh AD database.  

At this point I've recreated all their accounts and group permissions for file shares, All their workstations have been joined to the domain (my assistant did that last night) and all their old profiles have been transfered into new ones.  That is why I don't want to format and reinstall.  

At this point I think our best lead is probably the weird "windows 2000" message in netdiag.  I ran a fixboot to see if it was something with the kernel but that didn't seem to do much.  (to be honest, i don't know what fixboot really fixes.)

-Zander
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 20044050
How many users are we talking about here?

Anyway, rebuilds aside (FWIW, I NEVER use a server that gives me problems when configuring it - if something goes wrong, it gets formatted til it plays nice - it might take 4 or 5 installs, but it is worth it) how did the service pack and updates go for windows?

Where did you get netdiag?  Download the latest version in the support tools.

-red
0
 

Author Comment

by:NWHS
ID: 20044734
Ok,

So here's the solution.  If you're reading this thread hoping for an elegant answer, I'm sorry but I'm not going to be able to provide one.

I ran out of time to wait for assistance and went with the hit-it-with-a-hammer method.  I took a system-state backup of the server and formated it.  After rebuilding it exactly as it had been before, I recovered the system state.  All of this was done using the built in backup software (formerly known as ntbackup).  Once I had recovered the system-state I no longer had the forestprep error.  I'm still in the dark as to why it was happening in the first place.

All I learned about the problem is that it isn't related to netdiag reporting the wrong OS (it still does that) and whatever was causing the trouble isn't stored in the system state.

<email address removed>

-Zander
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22545175
PAQed with points refunded (300)

Computer101
EE Admin
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question