• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1104
  • Last Modified:

AD Error While Installing Exchange 2010 SP2

I'm attempting to install Exchange 2010 SP2 on my Exchange server (currently on SP1) and during the "Organization Prerequisites", "Hub Transport Role Prerequisites", "Client Access Role Prerequisites" and "Mailbox Role Prerequisites" sections, I'm getting the following error message:

Error:
Setup encountered a problem while validating the state of Active Directory: Setup could not retrieve the schema master domain controller information from Active Directory.

Our primary domain controller is running Server 2008 R2, and comes up correctly when I run:
dsquery server -hasfsmo schema

Open in new window


I've done a bit of Googling on the issue but haven't come up with much.  Here is the results of a dcdiag:

Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: KELETH\KELETHDC99
      Starting test: Connectivity
         ......................... KELETHDC99 passed test Connectivity

Doing primary tests

   Testing server: KELETH\KELETHDC99
      Starting test: Advertising
         ......................... KELETHDC99 passed test Advertising
      Starting test: FrsEvent
         ......................... KELETHDC99 passed test FrsEvent
      Starting test: DFSREvent
         ......................... KELETHDC99 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... KELETHDC99 passed test SysVolCheck
      Starting test: KccEvent
         ......................... KELETHDC99 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... KELETHDC99 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... KELETHDC99 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=sunrype,DC=com
         ......................... KELETHDC99 failed test NCSecDesc
      Starting test: NetLogons
         ......................... KELETHDC99 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... KELETHDC99 passed test ObjectsReplicated
      Starting test: Replications
         ......................... KELETHDC99 passed test Replications
      Starting test: RidManager
         ......................... KELETHDC99 passed test RidManager
      Starting test: Services
         ......................... KELETHDC99 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:44:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:47:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   08:48:18
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:49:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:52:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   08:53:20
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:54:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:57:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   08:58:21
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   08:59:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:02:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:03:22
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:04:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:07:07
            Event String: The following fatal alert was received: 46.
         A warning event occurred.  EventID: 0x0000A001
            Time Generated: 09/06/2012   09:08:23
            Event String:
            The Security System could not establish a secured connection with th
e server ldap/kelethdc99/sunrype.com@SUNRYPE.COM. No authentication protocol was
 available.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:08:24
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:09:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:12:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:13:25
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:14:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:17:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:18:26
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:19:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:22:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:23:28
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:24:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:27:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:28:29
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:29:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:32:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:33:31
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:34:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:37:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:38:32
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:39:37
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x00009017
            Time Generated: 09/06/2012   09:42:07
            Event String: The following fatal alert was received: 46.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 09/06/2012   09:43:33
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         ......................... KELETHDC99 failed test SystemLog
      Starting test: VerifyReferences
         ......................... KELETHDC99 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : sunrype
      Starting test: CheckSDRefDom
         ......................... sunrype passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... sunrype passed test CrossRefValidation

   Running enterprise tests on : sunrype.com
      Starting test: LocatorCheck
         ......................... sunrype.com passed test LocatorCheck
      Starting test: Intersite
         ......................... sunrype.com passed test Intersite

I have looked into the repeated "LDAP Bind function call failed" error, and installed a recommended hotfix onto my Server 2003 DCs, but this hasn't corrected the issue and I have no idea if it's related to the problem with the Exchange Service Pack.

Can anyone recommend what I try next?  Thanks!
0
SR_Tech
Asked:
SR_Tech
  • 6
  • 5
  • 3
  • +1
1 Solution
 
tylerpayneCommented:
Okay so you have your primary domain controller as the schema master, and you are putting exchange 2010 on a second server running server 2008 r2? have you joined the second server to the domain as a member server? Also did you open command promt and type setup.com /prepareAD
0
 
SR_TechAuthor Commented:
Exchange 2010 is already up and running on a second member server running 2008 R2.  PrepareAD was run long ago when I initially installed Exchange.
0
 
tylerpayneCommented:
i dont understand, you have it working but your doing Prerequisites? More details are needed.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
SR_TechAuthor Commented:
As I already said, I'm installing the second service pack (SP2), to bring the server up from SP1 to SP2.  During this process, it checks these prerequisites.
0
 
tylerpayneCommented:
Okay now im on the same page. You still need to log into the domain controller and run Setup /PrepareSchema   also do you have IIS 6 WMI ?
0
 
tylerpayneCommented:
Also make sure you have these already installed.
1.Open Server Manager.

2.Select Roles.

3.Under Web Server (IIS), select Add Role Services.

4.In the Add Role Services wizard, on the Select Role Services page, select the following Windows features:

•IIS 6 WMI Compatibility

•ASP.NET

•ISAPI Filters

•Client Certificate Mapping Authentication

•Directory Browsing

•HTTP Errors

•HTTP Logging

•HTTP Redirection

•Tracing

•Request Monitor

•Static Content

5.Click Next and then Install.
0
 
SR_TechAuthor Commented:
Which setup application am I running /prepareschema from?  The SP2 setup .exe doesn't accept parameters.

As well, all of those Role Services are already installed on the Exchange server.
0
 
tylerpayneCommented:
you should be logged into the domain controller and open command prompt and type setup /prepareschema   look at this article

http://workinghardinit.wordpress.com/2011/12/15/upgrading-exchange-2010-sp1-to-sp2/

you kinda have to do everything all over again like you had to do when you installed exchange the first time.
0
 
SR_TechAuthor Commented:
Oh, derp, I should have looked for an article like that.

Thanks!
0
 
SR_TechAuthor Commented:
Okay, so in trying to perform the /prepareschema operation ON the DC holding the FSMO roles, I actually get the original error message again, and the operation fails.  Now what?
0
 
Stelian StanCommented:
On your Exchange box go to Services, search for Net.Tcp post sharing... Change the start type to "Automatic" , Click "Apply" , Start the Service.

It should take care of the issue that you are experincing,

Start
setup /ps again
0
 
Stelian StanCommented:
By the way, to properly run setup /ps open a command prompt with admin rights. Do not run that command on a powershell window.
0
 
SR_TechAuthor Commented:
Hi clonyxlro, this service is already set to Automatic and is already running.
0
 
BembiCEOCommented:
Just some fast ideas:
As SP2 updates the schema, do you have schema admin right?
Is UAC enable? Have you tired to run it "as administrator"?
Have you run the EXBPA to see the healthy of your server?

Also check DNS, if there are issues, global catalog, the configuration DNS which is used by exchange.

Also in your logs I can see:
Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=sunrype,DC=com

And the group policy issues from the event log also should be checked.
0
 
Stelian StanCommented:
Another thing to consider is HOST file. Check the HOST file on your DC for entries and remove them.

Can you also post the error from event viewer?
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now