Installazione Exchange 2013 SP1

Buongiorno a tutti,

come si può capire dall'oggetto della domanda ho un problema con l'installazione.

L’ambiente è semplice: un domain controller 2012 R2 ed un server membro 2012 R2 nel quale vorrei installare Exchange 2013.

Una prima installazione di Exchange si è bloccata quasi alla fine e mi ha costretto a reinstallare il sistema operativo del server perché non c’era modo di disinstallare o di reinstallare Exchange, la seconda installazione è andata a buon fine ma non era possibile accedere ad ECP o OWA, anche provando a creare un nuovo certificato ssl e ricreare le cartelle ecp ed owa in iis non c’è stato verso. A quel punto ho disinstallato nuovamente Exchange e sistema operativo e ho cancellato, forse incautamente, alcuni riferimenti ad Exchange utilizzando ADSIedit.

Ora alla terza reinstallazione ho questi errori:

Error:
Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx

Error:
Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.  See the Exchange setup log for more information on this error.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx

Error:
The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

Error:
Either Active Directory doesn't exist, or it can't be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx

Warning:
Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE12ServerWarning.aspx

Warning:
Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx

Qualcuno ha idea di cosa possa fare/cercare per risolvere il problema?

Grazie

Andrea
SIES di Andrea BarbonAsked:
Who is Participating?
 
SIES di Andrea BarbonAuthor Commented:
Hello everyone,
helas at the end the solution was to reinstall DC and Exchange Server.

Andrea Grespan
0
 
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
It seems you are trying to install Exchange 2013 but your domain functional level is 2000.  Below is what I suggest:

1.  Upgrade your DC to 2008 or 2012
2.  Decommission older DCs by moving FSMO rights to new DC(s)
3.  Install Exchange
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Here are the below reasons and solutions for this error

1. Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.

Make Sure that the account through which you are installing exchange is a member of Enterprise Admin, Schema Admin & Domain Admin group

2. Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.  See the Exchange setup log for more information on this error.

This error occurs if there are duplicate microsoft exchange system objects. For resolving this error follow the below steps

Log on to the domain controller with administrative credentials.
In Administrative Tools, click Active Directory Users and Computers.
In the Active Directory Users and Computers management console pane, click View from the toolbar menu and then select Advanced Features.
Locate the duplicate Microsoft Exchange System Objects container.
Verify the duplicate Microsoft Exchange System Objects container doesn’t contain valid Active Directory objects.
Right-click the duplicate Microsoft Exchange System Objects container, and then click Delete.
Confirm the deletion by clicking Yes in the Active Directory dialog box.

3. The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.

Seems your Forest level is set to Mixed Mode. For installing the Exchange the Forest level must be set to 2000 native. Follow the below steps

Go to Active Directory Domains & Trusts right click domain select Raise Forest Funtional Level and set it to 2000 native.

4. Either Active Directory doesn't exist, or it can't be contacted.

Follow the below steps it will resolve the issue

Make sure you Server manager > Add Features >  Select Remote Server Administration tools > And select ADDS & ADLS tools and click install

5.  Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD

To resolve this error do the following run the below command and enter the organization name of your Exchange

Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms.

For more information refer the below link

https://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx

Along with this you have to also prepare the schema run the below command for preparing the schema

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Thanks
Manikandan
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
SIES di Andrea BarbonAuthor Commented:
Hi Mohammed Khawaja,
thanks for your answer, the big problem is my only DC is already Windows 2012 R2 and I already installed and removed Exchange 2013 a first time.

Andrea Grespan
0
 
SIES di Andrea BarbonAuthor Commented:
Hi Manikandan,
1. like I said in the previous comment I already installed Exchange 2013 in the same environment with the same user that is a member of Enterprise Admin, Schema Admin & Domain Admin.

2. I will try this one

3. See the previous comment

4. I will try tis one too

5. Already tried with more or less the same errors

Thanks
Andrea
0
 
Alessandro ScafariaInfrastructure Premier Field AdministratorCommented:
Hi Andrea,

could I suggest to cross-reference you steps with this wonderful guide I've used in the past?

Part1
http://www.petenetlive.com/KB/Article/0000716.htm

Part2
http://www.petenetlive.com/KB/Article/0000717.htm

Part3
http://www.petenetlive.com/KB/Article/0000730.htm

Let me know your thoughts.....
0
 
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
If that is the case then the account you are using is not member of Enterprise Admin.  You also need to prepare AD by running setup /preparead.  As mentioned above, the account also needs schema admin and domain admin privileges.
0
 
SIES di Andrea BarbonAuthor Commented:
I did this:
Log on to the domain controller with administrative credentials.
 In Administrative Tools, click Active Directory Users and Computers.
 In the Active Directory Users and Computers management console pane, click View from the toolbar menu and then select Advanced Features.
 Locate the duplicate Microsoft Exchange System Objects container.
 Verify the duplicate Microsoft Exchange System Objects container doesn’t contain valid Active Directory objects.
 Right-click the duplicate Microsoft Exchange System Objects container, and then click Delete.
 Confirm the deletion by clicking Yes in the Active Directory dialog box.

and I could at least start the installation that ended at step 8 Mailbox Role with this error:
Error:
The following error was generated when "$error.Clear();
          if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
          {
            Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
          }
        " was run: "Database is mandatory on UserMailbox.".

I will uninstall Exchange, try to delete all references to Exchange in AD and reinstall.
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

The issue may occur due to one or more of the following reasons:

1. There are one or multiple System mailboxes in an inconsistent state because the HomeMDB attribute is missing.
2. The Federated mailbox is in an inconsistent state because the HomeMDB attribute is missing.
3. The Discovery Search mailboxes is in an inconsistent state because the HomeMDB attribute is missing.

In order to check to see if one of the above reasons applies, follow the steps below:

1. Run the following command in the Exchange Command Shell:

Get-Mailbox -Arbitration |fl name, alias

2. You may receive an error or errors from running the command above that one or two of the System Mailboxes and the Federated Mailbox are in an inconsistent state – see the following example results:

WARNING: The object xxxxx/xxxxx/SystemMailbox{1f05a927-9daf-4003-9bf7-036822f96290} has been corrupted, and it's
in an inconsistent state. The following validation errors happened:
WARNING: Database is mandatory on UserMailbox.
WARNING: Database is mandatory on UserMailbox.

3. Run the following command in the Exchange Command Shell Get-Mailbox |fl name, alias on the Discovery Search Mailbox and look for the same error.

4. The error “Database is mandatory on UserMailbox” means that there is no value for the HomeMDB attribute for the mailbox in question – either one or two System Mailboxes, or the Federated Mailbox, or possibly the Discovery Search Mailbox.


RESOLUTION
1. Open ADSIEdit – go to the properties of a regular user with a mailbox on the same database as the particular System Mailbox, Federated Mailbox, or Discovery Search Mailbox and copy the correct HomeMDB attribute to the correct System Mailbox, Federated Mailbox, or Discovery Search Mailbox.

2. On the Domain Controller which you made the changes to the HomeMDB attribute for the 4 mailboxes, go to an elevated command prompt and Replicate the entire Forest using the following command:

repadmin /syncall /e - to replicate the entire forest

3. You should now successfully be able to search using the Discovery Search Mailbox using ECP.

Thanks
Manikandan
0
 
Seth SimmonsSr. Systems AdministratorCommented:
have you checked the health of your AD environment?
i'm seeing things like "Active Directory doesn't exist or cannot be contacted" and the forest functional level not at 2003 or higher which tells me there is something not right.  Are the DNS servers correct?  That forest functional message is not accurate else you wouldn't have been able to put in a 2012 R2 domain controller.

also, SP1 is the same as CU4 which is long out of support; CU8 is the latest you should be using

Cumulative Update 8 for Exchange Server 2013 (KB3030080)
http://www.microsoft.com/en-us/download/details.aspx?id=46373
0
 
SIES di Andrea BarbonAuthor Commented:
Uninstalled everything with:
Setup /Mode:Uninstall /IAcceptExchangeServerLicenseTerms

Deleted the users:
Federatedemail, DiscoverySearchMailbox, HealthMailbox, Migration, SystemMailbox

Deleted OU "Microsoft Exchange Security Groups" e "Microsoft Exchange System Objects"

With ADSIedit configuration under Services deleted "Microsoft Exchange" and "Microsoft Exchange Autodiscover"

Setup /PrepareAD /OrganizationName: "My Organization" /IAcceptExchangeServerLicenseTerms
All ok until now

Run setup and at Step 10 Mailbox role Mailbox service

The following error was generated when "$error.Clear();
          $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
          $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
          $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
          if( $dismbx -ne $null)
          {
          $srvname = $dismbx.ServerName;
          if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
          {
          Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -eq $null )
          {
          Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
          mount-database $dismbx.Database;
          }

          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -ne $null )
          {
          $dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagement_InitInfo.WellKnownGuid;
          $dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
          if( $dmRoleGroup -ne $null )
          {
            trap [Exception]
            {
              Add-MailboxPermission $dismbx -User $dmRoleGroup.Name -AccessRights FullAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
              continue;
            }
           
            Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
          }
          }
          }
          }
        " was run: "Couldn't resolve the user or group "myorg.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".

Now fingers crossed I'll download CU8....
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

The solution is to remove the Discovery Mailbox user account created as part of the PrepareAD and to run the Exchange setup again.

The Discovery mailbox user has to be re-created and a mailbox needs to be provisioned after Exchange installs successfully. I will explain the steps for that in my next post.

Here is how to re-create the Discovery Search Mailbox:
1. re-create the mailbox using:
Enable-Mailbox "DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}" -Arbitration

2. Add permissions to the Discovery Search Mailbox:
Add-MailboxPermission -Identity:”mydomain.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -User:”Discovery Management” -AccessRights:”FullAccess”

Thanks
Manikandan
0
 
SIES di Andrea BarbonAuthor Commented:
Hi,
I removed all the users created by Exchange and the only outcome I got a was a different error.
I updated the DC and downloaded Exchange CU8, today I will try a new installation in a new installed Windows 2012 machine.
0
 
SIES di Andrea BarbonAuthor Commented:
Now I get this error during mailbox role installation:

Error:
The following error was generated when "$error.Clear();
          $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
          $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
          $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
          if( $dismbx -ne $null)
          {
          $srvname = $dismbx.ServerName;
          if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
          {
          Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -eq $null )
          {
          Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
          mount-database $dismbx.Database;
          }

          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -ne $null )
          {
          $dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagement_InitInfo.WellKnownGuid;
          $dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
          if( $dmRoleGroup -ne $null )
          {
            trap [Exception]
            {
              Add-MailboxPermission $dismbx -User $dmRoleGroup.Name -AccessRights FullAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
              continue;
            }
           
            Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
          }
          }
          }
          }
        " was run: "Microsoft.Exchange.Data.Common.LocalizedException: Couldn't resolve the user or group "donelligroup.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

   at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
   at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetSecurityPrincipal(IRecipientSession session, SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
   at Microsoft.Exchange.Management.RecipientTasks.SetMailboxPermissionTaskBase.InternalValidate()
   at Microsoft.Exchange.Management.RecipientTasks.AddMailboxPermission.InternalValidate()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
0
 
SIES di Andrea BarbonAuthor Commented:
The AD was so compromised I had to reinstall all the system
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.