i am getting an error when trying to install exchange 2010 sp1 when I get to the hub transport "$error.Clear(); Set-LocalPermission" was run: " the process

I am trying to install Exchange SP1- have followed all the steps

Update Active Directory Schema
Before install Exchange 2010 SP1 we must run a schema update.
How to find the server with the schema master role:
1.      Start MMC
2.      Load the Schema Snap in
3.      In the Snap in, Right click on Active Directory Schema
4.      Choose Operations Master…
5.      By Current Schema is listed the Schema Master
From this schema master you can run the command:
1.      Logon locally on the Schema Master Server
2.      Start Command Prompt
3.      From the Exchange 2010 SP1 location, start this command:
4.      “setup.com / prepareAD”
Installation Service Pack 1
It’s important to install also this Service Pack from out-side to in-side. So we must first upgrade the edge servers and the last server should be the mailbox servers. You should always apply hotfixes/service packs as described.
Rob HayesDirector of ITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob HayesDirector of ITAuthor Commented:
I have seen this but I cannot seem to make heads or tails of the solution- looks like they are having the same problems but I don't get the soltuion
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

AmitIT ArchitectCommented:
Is this a coexist env or fresh install?
0
AmitIT ArchitectCommented:
If fresh install then:

Remove it Manually

http://msgsense.com/2011/01/18/manually-uninstall-last-exchange-2010-server-from-organization/

Reinstall it again.
0
Rob HayesDirector of ITAuthor Commented:
i am upgrading exchange 2010 to sp1
0
AkhaterCommented:
Hi there, maybe you can give me more info about your setup ? how many servers do you have ? any orphan server ? any cluster ?

thanks
0
Rob HayesDirector of ITAuthor Commented:
single server- exchange not clustered

ran ad setup no problem

everything runs fine until hub transport role whne I get the error

everything I read says its the manage audting and security log settings need to have the user I am installing with included- the local security policy for that setting is grayed out so I can't change it
0
AkhaterCommented:
is this a domain controller by any chance ? can you provide me with the full error not just a part like you pasted ?

what user are  you using ?
0
Rob HayesDirector of ITAuthor Commented:
install error
0
Rob HayesDirector of ITAuthor Commented:
I am logged in as administrator- the exchange server is not the domain controiller
0
Rob HayesDirector of ITAuthor Commented:
if someone knows how to change the local security policy on the exchange server I think that will fix it- the GPO should be controlling this but somehow its not- the administrator account is in the manage auditing and security log settings on the active directory domain controller
0
AkhaterCommented:
Good and when you go to local policy -> Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -> Manage auditing and security log

it is greyed out ?
0
Rob HayesDirector of ITAuthor Commented:
yes it is greyed out
0
AkhaterCommented:
Here is what I need you to do

on your exchange server run GPResult /R

and note all the group policies applied from you Domain on your exchange server

then go to GPMC (group policy management console) find these policies and edit them go to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -> Manage auditing and security log on each and disable it.

when you finish go back to your exchange server and run gpupdate /force then go back to local security policy of your exchange server you shold be able to edit it
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AmitIT ArchitectCommented:
Rerun PrepareDomain switch, that normally fixes GPO rights issue
0
Rob HayesDirector of ITAuthor Commented:

here are the settings- I found the setting in the GPO od the AD comina controller- i deleted the settings- did the gp update on the exchange server but the seetings are still greyed out

RSOP data for PALAW\administrator on ATL-EXN01 : Logging Mode
--------------------------------------------------------------

OS Configuration:            Member Server
OS Version:                  6.1.7601
Site Name:                   South-Terraces
Roaming Profile:             N/A
Local Profile:               C:\Users\administrator.PALAW
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=ATL-EXN01,OU=Servers,OU=South Terraces,OU=PALAW,DC=palaw,DC=local
    Last time Group Policy was applied: 4/9/2011 at 2:02:56 AM
    Group Policy was applied from:      ATL-ADS01.palaw.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        PALAW
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Windows Update Servers
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Internet Explorer Settings
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        System Mandatory Level
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        ATL-EXN01$
        Domain Computers
        $491000-7MN6ABN9O4A3
        Exchange Windows Permissions
        Exchange Servers
        Exchange Trusted Subsystem


USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=palaw,DC=local
    Last time Group Policy was applied: 4/9/2011 at 2:02:56 AM
    Group Policy was applied from:      ATL-ADS01.palaw.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        PALAW
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Internet Explorer Settings

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Default Domain Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Domain Admins
        VMware Admins
        Group Policy Creator Owners
        $491000-7MN6ABN9O4A3
        Enterprise Admins
        Public Folder Management
        Exchange Windows Permissions
        Organization Management
        Schema Admins
        Exchange Servers
        Denied RODC Password Replication Group
        High Mandatory Level
0
Rob HayesDirector of ITAuthor Commented:
and I had previously rerun the prepareAD already
0
AkhaterCommented:
what do you mean deleted ?

you deleted ALL THE Policy or you just disabled the part I told you about ??? (please don't tell me you deleted the whole policy)


the ones you should edit are
   Windows Update Servers
   Default Domain Policy

go to these edit them and go to  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -> Manage auditing and security log on each and disable it. (disable ONLY this part)

if that is what you did reboot your server it should work
0
Rob HayesDirector of ITAuthor Commented:
no I made the policy not defined in the Default Domain Controllers Policy
0
AkhaterCommented:
good to know :D you scared me

what about the "Windows Update Servers" it was not defined ?

reboot your server it should work
0
Rob HayesDirector of ITAuthor Commented:
already not defined in windows update server
0
Rob HayesDirector of ITAuthor Commented:
rebooting now

I may not be a genius but I am not a complete dumb a** wither  :-)
0
Rob HayesDirector of ITAuthor Commented:
either
0
AkhaterCommented:
sorry I never said that :(

It is just that if you did mistakes on my advise I would feel responsible

Don't take it wrong  
0
Rob HayesDirector of ITAuthor Commented:
was able to add administrator- now we will see if it works
0
Rob HayesDirector of ITAuthor Commented:
made it 2 more steps- now I am getting this error client access role
0
AkhaterCommented:
it is ok run iisrest /stop manually before and when it finishses run the setup again
0
Rob HayesDirector of ITAuthor Commented:
nope- did not work everything I have read says you have the problem was resolved by removing the Non-http Activation feature in .Net Framework.- I can't figure out how to do that- don;pt see a setting for it

0
AkhaterCommented:
yep it seems i misread the error

please open you server manager -> features and click on remove features

expand .net framework 3.5.1 features -> wcf activation and uncheck the non-http activation
0
Rob HayesDirector of ITAuthor Commented:
got it and I have made it to mailbox role
0
Rob HayesDirector of ITAuthor Commented:
ok new error during mailbox role screen shot 1 screen shot 2ExchangeSetup.log
0
AkhaterCommented:
it seems that the user associated with the discovery mailbx is enalbed!

if that is the case disable it and try again

also run EXBPA on your setup
0
Rob HayesDirector of ITAuthor Commented:
what is EXBPA?
0
Rob HayesDirector of ITAuthor Commented:
nevermind- figure it out
0
Rob HayesDirector of ITAuthor Commented:
stuck for 7 hours on mailbox role- can't connect to tools anymore to run EXBPA- any other way to run it?
0
Rob HayesDirector of ITAuthor Commented:
Truly- these were all different questions- each step got me one step further in the process until I was able to complete the Exchange 2010 SP1 upgrade.  Extremely helpful and deserving of more points than he is getting!!
0
AkhaterCommented:
glad you sorted it out and thanks for the point !

what was the last issue ?
0
Rob HayesDirector of ITAuthor Commented:
i had to download the EXBPA cuz I could not run it from the mgt console- there was an inherited permission issue that I fixed with adedit.  I also read that there were 2 other commands to prep with other than setup.com /prepareAD

 those commands were setup.com /pad  and setup.com /ps

I ran those and did the best practice fix and we were in business.  

Thanks again for the all the late night help- I am actually leaving now to have tonight an tmorrow off.  Got rollup 3 v3 installed so Exchange is tight. Very feature rich service pack but what a pain to install- almost as bad as installing from scratch
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.