Exchange 2010 SP3 failed in the Organization Preparation steps ?

Home Forums Messaging Software Exchange 2007 / 2010 / 2013 Exchange 2010 SP3 failed in the Organization Preparation steps ?

This topic contains 10 replies, has 2 voices, and was last updated by Avatar Albertwt 4 years, 10 months ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • Avatar
    Albertwt
    Member
    #164687

    Hi All,

    I need your experts advice in how to resolve the problem in installing the SP3.

    I’m executing the Setup.COM /PrepareAD command from my Schema Master DC with the elevated command prompt under my user account (which is a member of Enterprise, Domain and Schema admin group).

    Somehow the installation always end up in Organization Preparation FAILED step.

    the following error message is the detailed error when I look through the ExchangeSetup.log file:

    Quote:
    [ERROR] Active Directory operation failed on. The object ‘OU=Microsoft Exchange Security Groups’ already exists.
    [ERROR] The object exists.
    [ERROR-REFERENCE] Id=443949901

    Any kind of help and suggestion to help me get through this error would be greatly appreciated.

    Thanks.

    Avatar
    Albertwt
    Member
    #317993

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Here is the error section of the ExchangeSetup.log which mentions about the error:

    Quote:
    [12/22/2014 22:12:14.0346] [1] Executing:
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

    [12/22/2014 22:12:14.0377] [2] Active Directory session settings for ‘initialize-ExchangeUniversalGroups’ are: View Entire Forest: ‘True’, Configuration Domain Controller: ‘PRODDC01.MyDomain.com’, Preferred Global Catalog: ‘PRODDC01.MyDomain.com’, Preferred Domain Controllers: ‘{ PRODDC01.MyDomain.com }’
    [12/22/2014 22:12:14.0377] [2] Beginning processing initialize-ExchangeUniversalGroups -DomainController:’PRODDC01.MyDomain.com’ -ActiveDirectorySplitPermissions:$null
    [12/22/2014 22:12:14.0408] [2] Used domain controller PRODDC01.MyDomain.com to read object DC=MyDomain,DC=com.
    [12/22/2014 22:12:14.0424] [2] Used domain controller PRODDC01.MyDomain.com to read object CN=Configuration,DC=MyDomain,DC=com.
    [12/22/2014 22:12:14.0424] [2] Used domain controller PRODDC01.MyDomain.com to read object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyDomain,DC=com.
    [12/22/2014 22:12:15.0096] [2] [ERROR] Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.
    [12/22/2014 22:12:15.0096] [2] [ERROR] The object exists.
    [12/22/2014 22:12:15.0111] [2] Ending processing initialize-ExchangeUniversalGroups
    [12/22/2014 22:12:15.0111] [1] The following 1 error(s) occurred during task execution:
    [12/22/2014 22:12:15.0127] [1] 0. ErrorRecord: Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.
    [12/22/2014 22:12:15.0127] [1] 0. ErrorRecord: Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists. —> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
    at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
    at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
    at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable1 clientSideSearchTimeout)
    at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
    — End of inner exception stack trace —
    at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
    at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
    at Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable
    1 properties)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateExchangeUSGContainer(String name, ADSystemConfigurationSession session, ADObjectId domain)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
    [12/22/2014 22:12:15.0127] [1] [ERROR] The following error was generated when “$error.Clear();
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions” was run: “Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.”.
    [12/22/2014 22:12:15.0127] [1] [ERROR] Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.
    [12/22/2014 22:12:15.0127] [1] [ERROR] The object exists.
    [12/22/2014 22:12:15.0127] [1] [ERROR-REFERENCE] Id=443949901 Component=
    [12/22/2014 22:12:15.0127] [1] Setup is stopping now because of one or more critical errors.
    [12/22/2014 22:12:15.0127] [1] Finished executing component tasks.
    [12/22/2014 22:12:15.0143] [1] Ending processing Install-ExchangeOrganization
    [12/22/2014 22:12:15.0158] [0] The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the :ExchangeSetupLogs folder.
    [12/22/2014 22:12:15.0174] [0] End of Setup
    [12/22/2014 22:12:15.0174] [0] **********************************************

    I have tried myself to locate and delete the Microsoft Exchange Security Groups OU but somehow it is not listed in the AD user & console as both OU or as Security group ?

    My domain is a single domain forest and but I’m not sure how the Exchange Server 2010 security scheme is setup before by my predecessor.

    there was no documentation and reasoning as to why those AD security group was deleted or left hidden somewhere.

    Further investigation and search in the AD structure, I cannot find all of the following security group through the ADUC:

    Quote:
    “Exchange Organization Administrators”
    “Organization Management”

    but when I perform the Powershell list command below, it somehow listed as below:

    [PS] C:Windowssystem32>get-rolegroupmember “organization management” | ft -AutoSize

    Name RecipientType
    —- ————-
    Exchange Organization Administrators Group
    Administrator UserMailbox
    Robert Gilles UserMailbox
    Mail Security Service Account UserMailbox
    Sunil Khan UserMailbox

    [PS] C:Windowssystem32>get-rolegroupmember “recipient management” | ft -AutoSize

    Name RecipientType
    —- ————-
    Exchange Recipient Administrators Group
    IT-Helpdesk-HQ Group

    [PS] C:Windowssystem32>[/CODE][CODE][PS] C:Windowssystem32>get-rolegroupmember “organization management” | ft -AutoSize

    Name RecipientType
    —-


    Exchange Organization Administrators Group
    Administrator UserMailbox
    Robert Gilles UserMailbox
    Mail Security Service Account UserMailbox
    Sunil Khan UserMailbox

    [PS] C:Windowssystem32>get-rolegroupmember “recipient management” | ft -AutoSize

    Name RecipientType
    —-


    Exchange Recipient Administrators Group
    IT-Helpdesk-HQ Group

    [PS] C:Windowssystem32>[/CODE]

    Avatar
    wullieb1
    Moderator
    #244958

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    I would hazard a guess that your org has already been schema prepped.

    Are you only updating exchange or is this a new install?

    Avatar
    Albertwt
    Member
    #317994

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    wullieb1;288890 wrote:
    I would hazard a guess that your org has already been schema prepped.

    Are you only updating exchange or is this a new install?

    Well I’m updating my Exchange server SP2 into SP3.
    The error was seen from my AD domain controller with Schema Master role.

    The issue seems to be stemmed from missing Exchange Server built in security group which I expect that to be replaced after executing Setup.com /PrepareAD

    So I guess in this case I will have to find some other way to recreate those missing security group.

    Avatar
    wullieb1
    Moderator
    #244959

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    http://www.itguydiaries.net/2012/07/omg-exchange-security-groups-were.html

    Avatar
    Albertwt
    Member
    #317995

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Wullie,

    What’s the risk of running the setup.com /PrepareAD after editing the ADSI edit attributes ?

    I’m concerns that the steps in the blog could bring exchange server email delivery to a halt or totally stuffed my Exchange server.

    Avatar
    wullieb1
    Moderator
    #244961

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Having never done it i couldn’t say.

    Following the article i posted the author never had any issues, that were reported anyway.

    There is always an inherent risk of failure when doing things like this so ensure you have a good backup.

    Avatar
    Albertwt
    Member
    #317996

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    wullieb1;288902 wrote:
    Having never done it i couldn’t say.

    Following the article i posted the author never had any issues, that were reported anyway.

    There is always an inherent risk of failure when doing things like this so ensure you have a good backup.

    Regardless what the security mechanism that the Exchange Server is used.
    Does the normal working condition of Exchange server 2010 requires the following example of the built in security group to exist in AD?

    Exchange Organization Administrators
    Microsoft Exchange Security Groups
    Organization Management
    etc….

    Avatar
    wullieb1
    Moderator
    #244963

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Yes. All the groups that are created by Exchange are required in some way for the system to function.

    Avatar
    Albertwt
    Member
    #317997

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    wullieb1;288906 wrote:
    Yes. All the groups that are created by Exchange are required in some way for the system to function.

    Cool, I’ll follow that article to delete the corrupted AD entries and then recreate the security group with setup.com /PrepareAD

    Is that the correct command or do I have to run /PrepareSchema as well before /PrepareAD on the AD Schema Master DC ?

    Avatar
    wullieb1
    Moderator
    #244964

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Follow the article.

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.