Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2003 to Exchage 2010 Migration, need an explanation for a behavior i am facing

Posted on 2011-02-28
11
Medium Priority
?
553 Views
Last Modified: 2012-05-11
i started a migration from Exchange 2003 to Exchage 2010 , and on installation for the Exchange 2010 server to my enivornment the setup failed for all roles with a "Service could not enterRunning State" error .
then i figured that i had to add the servers that i will install Exchange 2010 on to the AD Security group "Exchange Enterprise Servers". well everything worked fine afterwards.
now every while i go to check the AD directory group i found that the servers are removed "like every 12 hours or so"and i have to manualy add them again. "may be with every AD replication am not sure"
does any one has an explanation for this behavior ?
0
Comment
Question by:Mohamed ElManakhly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34997460
this is unusual.

Did you run :

D:\setup /PrepareLegacyExchangePermissions
D:\setup /PrepareSchema
D:\setup /PrepareAD

Before you performed the installation?
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34997489
Hi there,

assuming that you've been able to install Exchange, I presume that the schema exentions went fine as well (or else Exchange wouldn't setup).

It seems to me that you - indeed - might have some replication issue within AD. Certainly because after x-time your server-accounts disappear.

Did you already check replication? If yes, did it bring up any errors?

Michael
0
 
LVL 13

Author Comment

by:Mohamed ElManakhly
ID: 34997536
well yes deployment went fine no problems . yet  i am going to review the replication events more for more info,
but today i added the Computer accounts to the group and then i forced replication using repadmin , i then went to every domain controller in 3 sites and confirmed that the group membership updated fine.it was there on every domain controller i have
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 34997551
you haven't by anychance setup restricted groups for these groups have you?
See here for further details: http://technet.microsoft.com/en-us/library/cc756802(WS.10).aspx
0
 
LVL 13

Author Comment

by:Mohamed ElManakhly
ID: 34997554
@demazter .. nope i left the AD prepartion to be done by the exchange Setup. in the prganization preparation step.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34997561
might be worth running them as this adds all the required permissions.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34997564
I've had a similar issue before, in our case it was a local security policy gone bad. We had to rebuild it using secedit.

Grts,

Michael
0
 
LVL 13

Author Comment

by:Mohamed ElManakhly
ID: 34997606
@demazter , i will try rerunning the commands again manually.

@michaelIVH will give it a go too.

0
 
LVL 13

Author Comment

by:Mohamed ElManakhly
ID: 35005744
well guys i tried the above suggestions but reached no where , same behavior.. yet i almost figuredout whats going on so i thought i would let you know , here is what i did ..
1- added another computer account "Non Exchange" to the same group "Exchange Enterprise Servers" along with the Exchange 2010 Computer accounts.
2-waited for the replication and checked the group membership again. Exchange Servers were flushed , yet the Computer Account "Non Exchange" is still there.
3- i noticed that the common thing is that Exchange Servers were members of the "Exchange Domain Servers" AD group which is by default a member of the "Exchange Enterprise Servers" AD group, while the Computer Account "Non Exchange" Was not.
4- i added the non Exchange account to the "Exchange Domain Servers" , after replication it was flushed away too .

so apparently Computer accounts can not be member of both groups if AD replication finds ita member of "Exchange Domain Servers" it automatically flushes it from the "Exchange Enterprise Servers" . yet i am still wondering if that was the case why wasn't i able to continue the installation in first place , why did i had to add the computer accounts to the Exchange Enterprise Servers for the installation to complete successfully .
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 2000 total points
ID: 35005749
running the preparead commands in my very first post would have fixed this if you had been running it with the correct permissions.
0
 
LVL 13

Author Closing Comment

by:Mohamed ElManakhly
ID: 35015033
Doing my tests mentioned in my comment helped figuring out most of the cause.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question