Exchange 2013 CU upgrade

Hi

I'm having a Exchange 2013 needing upgrade from CU5 to CU10, but it fails on prepar-activeDirectory
[10.21.2015 22:14:21.0864] [2] Active Directory session settings for 'Install-CannedAddressLists' are: View Entire Forest: 'True', Configuration Domain Controller: 'dc2012.domain.com', Preferred Global Catalog: 'dc2012.domain.com', Preferred Domain Controllers: '{ dc2012.domain.com }'
[10.21.2015 22:14:21.0864] [2] User specified parameters:  -DomainController:'dc2012.domain.com'
[10.21.2015 22:14:21.0864] [2] Beginning processing install-CannedAddressLists
[10.21.2015 22:14:21.0895] [2] Processing object "\".
[10.21.2015 22:14:21.0926] [2] Searching objects of type "AddressBookBase" with filter "(|((LdapRecipientFilter Equal (&(mailNickname=*)(objectCategory=group)))(|((LdapRecipientFilter Equal (& (mailnickname=*) (| (objectCategory=group) )))))))", scope "OneLevel" under the root "\".
[10.21.2015 22:14:21.0926] [2] Previous operation run on domain controller 'dc2012.domain.com'.
[10.21.2015 22:14:21.0926] [2] Previous operation run on domain controller 'dc2012.domain.com'.
[10.21.2015 22:14:21.0957] [2] Active Directory operation failed on dc2012.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E49, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

[10.21.2015 22:14:21.0973] [2] The user has insufficient access rights.
[10.21.2015 22:14:22.0004] [2] Ending processing install-CannedAddressLists

So there I'm stuck. This apparently was encountered during CU8 upgrade aswell

How to get around this?
PrepareSchema and AD works all right

Was migrated from EX2007 but EX2007 is decomissioned

And yes, I'm enterprise, domain, schema and superduperhailcesar-admin
LVL 23
Jakob DigranesSenior ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Have you tried to go from CU5 to CU7 and then CU10? Although the CU are cumulative might be worth a shot. I have however never seen this issue specificially unless you did not have proper Group membership.

Does this Exchange server reside in the AD site where the Schema Master and Infrastrucutre Master is?

Will.
AmitIT ArchitectCommented:
As Will advised above. Can you let us know, where your Schema server resides. Is that on same site or different. If it is on different site, you can prepare it AD separate and then install Exchange update.
Jakob DigranesSenior ConsultantAuthor Commented:
Hi

haven't tried Cu5 to CU7 but looks like the other IT-guy tried CU6 before.
I'm running this in a single-site domain, from FSMO-holder DC both as administrator and tried my admin account. All schema, domain and enterpries admins.

But it turns out that they had problems with address book when migrating from 2007 -> 2013.

Will look in ADSI edit during the weekend to see if I can see anything there, on the custom built address list created during migration
Jakob DigranesSenior ConsultantAuthor Commented:
Thanks for all experts participating; the solution was an address list for Groups. Originally made With EX2k or Ex2k3 and migrated to EX2007.

From Setuplog:

   at Microsoft.Exchange.Management.Deployment.InstallCannedAddressLists.RenameAllGroupsAddressListToAllDistributionLists()
    at Microsoft.Exchange.Management.Deployment.InstallCannedAddressLists.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
 [11.06.2015 20:01:32.0670] [1] Active Directory operation failed on EX2013.mydomain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
 Active directory response: 00002098: SecErr: DSID-03150E49, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0


Clearly it had trouble renaming addresslist 'All Groups' to 'All distribution Groups'; and when looking into addresslist 'All Groups' it showed as RecipientType Legacy and Version 6

Deleted address list and ran /PrepareAD and it recreated address list With correct name.

Looking at a Pre-CU7 EX2013 the addresslist still have the same name, 'All Groups' which explains why migration from EX2007 to EX2013Cu4 worked

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jakob DigranesSenior ConsultantAuthor Commented:
exchangeSetupLog gave it up
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.