Mohamed ElManakhly
asked on
Exchange 2003 to Exchage 2010 Migration, need an explanation for a behavior i am facing
i started a migration from Exchange 2003 to Exchage 2010 , and on installation for the Exchange 2010 server to my enivornment the setup failed for all roles with a "Service could not enterRunning State" error .
then i figured that i had to add the servers that i will install Exchange 2010 on to the AD Security group "Exchange Enterprise Servers". well everything worked fine afterwards.
now every while i go to check the AD directory group i found that the servers are removed "like every 12 hours or so"and i have to manualy add them again. "may be with every AD replication am not sure"
does any one has an explanation for this behavior ?
then i figured that i had to add the servers that i will install Exchange 2010 on to the AD Security group "Exchange Enterprise Servers". well everything worked fine afterwards.
now every while i go to check the AD directory group i found that the servers are removed "like every 12 hours or so"and i have to manualy add them again. "may be with every AD replication am not sure"
does any one has an explanation for this behavior ?
Hi there,
assuming that you've been able to install Exchange, I presume that the schema exentions went fine as well (or else Exchange wouldn't setup).
It seems to me that you - indeed - might have some replication issue within AD. Certainly because after x-time your server-accounts disappear.
Did you already check replication? If yes, did it bring up any errors?
Michael
assuming that you've been able to install Exchange, I presume that the schema exentions went fine as well (or else Exchange wouldn't setup).
It seems to me that you - indeed - might have some replication issue within AD. Certainly because after x-time your server-accounts disappear.
Did you already check replication? If yes, did it bring up any errors?
Michael
ASKER
well yes deployment went fine no problems . yet i am going to review the replication events more for more info,
but today i added the Computer accounts to the group and then i forced replication using repadmin , i then went to every domain controller in 3 sites and confirmed that the group membership updated fine.it was there on every domain controller i have
but today i added the Computer accounts to the group and then i forced replication using repadmin , i then went to every domain controller in 3 sites and confirmed that the group membership updated fine.it was there on every domain controller i have
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@demazter .. nope i left the AD prepartion to be done by the exchange Setup. in the prganization preparation step.
might be worth running them as this adds all the required permissions.
I've had a similar issue before, in our case it was a local security policy gone bad. We had to rebuild it using secedit.
Grts,
Michael
Grts,
Michael
ASKER
@demazter , i will try rerunning the commands again manually.
@michaelIVH will give it a go too.
@michaelIVH will give it a go too.
ASKER
well guys i tried the above suggestions but reached no where , same behavior.. yet i almost figuredout whats going on so i thought i would let you know , here is what i did ..
1- added another computer account "Non Exchange" to the same group "Exchange Enterprise Servers" along with the Exchange 2010 Computer accounts.
2-waited for the replication and checked the group membership again. Exchange Servers were flushed , yet the Computer Account "Non Exchange" is still there.
3- i noticed that the common thing is that Exchange Servers were members of the "Exchange Domain Servers" AD group which is by default a member of the "Exchange Enterprise Servers" AD group, while the Computer Account "Non Exchange" Was not.
4- i added the non Exchange account to the "Exchange Domain Servers" , after replication it was flushed away too .
so apparently Computer accounts can not be member of both groups if AD replication finds ita member of "Exchange Domain Servers" it automatically flushes it from the "Exchange Enterprise Servers" . yet i am still wondering if that was the case why wasn't i able to continue the installation in first place , why did i had to add the computer accounts to the Exchange Enterprise Servers for the installation to complete successfully .
1- added another computer account "Non Exchange" to the same group "Exchange Enterprise Servers" along with the Exchange 2010 Computer accounts.
2-waited for the replication and checked the group membership again. Exchange Servers were flushed , yet the Computer Account "Non Exchange" is still there.
3- i noticed that the common thing is that Exchange Servers were members of the "Exchange Domain Servers" AD group which is by default a member of the "Exchange Enterprise Servers" AD group, while the Computer Account "Non Exchange" Was not.
4- i added the non Exchange account to the "Exchange Domain Servers" , after replication it was flushed away too .
so apparently Computer accounts can not be member of both groups if AD replication finds ita member of "Exchange Domain Servers" it automatically flushes it from the "Exchange Enterprise Servers" . yet i am still wondering if that was the case why wasn't i able to continue the installation in first place , why did i had to add the computer accounts to the Exchange Enterprise Servers for the installation to complete successfully .
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Doing my tests mentioned in my comment helped figuring out most of the cause.
Did you run :
D:\setup /PrepareLegacyExchangePerm
D:\setup /PrepareSchema
D:\setup /PrepareAD
Before you performed the installation?