A setup prerequisite change in Exchange 2007 SP1


EDIT: this post has been edited on 8/10/2007 to correct the requirement for the W2003 DC/GC servers. Please see below for full details.

We have heard from customers who tried to install Exchange 2007 RTM for the first time in their environment and then encountered setup failures either because one or more domains in the forest did not have a Windows 2003 Service Pack 1 Domain Controller / Global Catalog (DC/GC) server (these domains typically only had Windows 2000 DC/GCs) or one or more child domains in the forest were not reachable. In both cases, when Exchange 2007 RTM setup is run for the first time or when the Administrator attempts to prepare a domain for Exchange 2007 by running setup.com /PrepareAD or setup.com /PrepareDomain, setup would fail and the Exchange Server Setup Progress Log would contain information which would be similar to the following:


[5/29/2007 5:51:49 PM] [1] [ERROR] Domain child.contoso.com is not currently reachable. Please verify the connection to this domain and run PrepareDomdain for this domain again.

[5/29/2007 5:51:49 PM] [1] [ERROR] No suitable Domain Controller was found in domain ‘child.contoso.com’. Errors:

Domain Controller ‘DC1.child.contoso.com’ Operating System version is 5.0 (2195) Service Pack 4. The minimum version required is 5.2 (3790) Service Pack 1.

Domain Controller ‘DC2.child.contoso.com’ Operating System version is 5.0 (2195) Service Pack 4. The minimum version required is 5.2 (3790) Service Pack 1.


For unreachable domains, this typically happens when setup tries to read the SID of the Domain Admins group from each of the child domains that only have Windows 2000 DCs. Since the membership of the Domain Admins security group does not get replicated to GCs, setup needs to contact a DC in that domain and it fails if it determines that the domain is unreachable.

For domains that are reachable but only have Windows 2000 DCs, setup fails when trying to add the ACEs on the Domain Container and the Microsoft Exchange System Objects container for the Exchange Servers Universal Security Group.

With Exchange 2007 Service Pack 1, this behavior will change. When Exchange 2007 SP 1 setup is run, it will be allowed to proceed even if it finds no suitable domain controller in other domains. SP1 setup will require a Windows 2003 Service Pack 1 DC/GC in the domain that setup is being executed from, but all other domains are not going to be checked for this requirement. You will however need to ensure that you have at least one Windows 2003 SP 1 DC/GC in every domain that needs to be prepared for Exchange 2007 SP1 at the later time (in other words – if you need to run the Exchange 2007 /preparedomain setup switch). All other domains could contain only Windows 2000 DCs/GCs.

Exchange 2007 SP1 will require Windows 2003 SP2 to be installed on the machine that Setup is run from.

Sachin Shah

Comments (15)
  1. Roman says:

    Good article.  Thanks!!!

  2. Trix says:

    I just think it’s utterly amazing you had to idiot-proof it like that. Even if supposed Exchange/Windows admins can’t be bothered reading the system requirements *before* the install, surely they’d do so *afterwards* when it all went pearshaped? Obviously not.

    And, seriously, unless you’ve been in this line of work for less than 6 months, AND you don’t have an MCSE, OR this will be your first Exchange install, how could you not be aware it requires a 2003 domain? Unless you’ve been buried in a concrete bunker, I suppose.

  3. Sachin Shah says:

    Trix: This was posted as the documentation around this requirement is not very clear, while the documentation states that "every site where Exchange 2007 will be installed should have a Windows 2003 SP1 DC ….", whereas the fact is that you need a Windows 2003 SP1 DC in *every domain* of the forest (regardless of whether the domain/s will ever have an Exchange 2007 Server) and this is the issue, customers were surprised to learn that *every domain* in the forest needed a Windows 2003 SP1 DC and not *every site*, this is true for the RTM Version, but will change with SP1, HTH :)

  4. Keith says:

    Just to clear this up.

    I have a forest with several domains some are W2003/E2000 and many more are W2000/E2000. The plan has been to not upgrade the W2000/E2000 domains but to install E2007 into the W2003 domains. Then migrate the users and mail and then decommission the old W2000/E2000 domains.

    With SP1 will I need to run /PrepareLegacyExchangePermission in the W2000/E2000 domains?

    Will I be able to extend the schema using the switches /PS /DC:W2003dc.domain.com?

    Thank you

    Keith

  5. Sachin Shah says:

    Keith: With SP1 you will still be able to run /ps /dc:W2003DC.Domain.com, this has not changed.

    You do not need to run /preparelegacyexchangepermissions on a per domain basis. HTH :)

  6. buy mp3 player says:

    This may be a dumb question, or not entirely on-topic (though I’m not sure that it’s entirely off-topic either).  I’m fairly new to working with some of these programs, but it seems to me that you are essentially suggesting that emails are never really lost — it’s only a matter of tracking down which folder they wound up in, and that depends on how the program is set up and how the messages are actually sent.  Does this discussion have any bearing on the current White House scandal involving the loss of email from many administration officials and staffers?  While I wouldn’t necessarily expect that they would be using this specific program, surely there are similarities to be found, and I’d be interested to know from a technical point of view how you would explain the fact that a number of emails actually were lost in one way or another.

  7. kmurphy_dc says:

    Thanks for the answer can you please give a yes or no to this question.

    In the forest outlined above do the domains with W2000/E 2000 that will never host  E2007 need to be upgraded to windows 2003 DC/GC?

    This is why I am confused. Your post talks about running /PrepareDomain

    But according to the documentation the order of the switches is:

    1) /PrepareLegacyExchangePermissions

    2) /PrepareSchema

    3) /PrepareDoamin

    And the documentation says that

    “When transitioning from Exchange 2000 Server to Exchange Server 2007, you must first grant specific Exchange permissions in each domain in which you have run Exchange 2003 or Exchange 2000 DomainPrep. To do this, you run the setup /PrepareLegacyExchangePermissions command”  

    So as I read that it means that every domain that has E2000 will need to have the /PL switch run against it. And to run the switch you must have W2003.

    I have been able to run the /pl switch against a W2003 domain. However when I try run the setup /ps /dc:W2003DC.Domain.com it fails with the error about no W2003 GC in the other W2000 domains. (I am running the /PS in the W2003 domain.)

    BTW I am using the 32 bit  sp1 version demo version.

    Thanks for your help.

  8. Sachin Shah says:

    kmurphy: The answer to your question is "No", the W2000/E2000 domains that will never host E2007 need not be upgraded to W2003.

    /pl contacts each domain in the forest when it is run, /pl does not need to be run on a per domain basis like /domainprep from E200X, you need to run it against specific domains only if the domain was added to the forest after you ran /pl or after you run /domainprep from E200X (I will be posting another blog explaining each of the switches soon.)

    If you are using the SP1 Beta1 bits for running /ps, the same should not fail even if there are unreachable or downlevel domains in the forest.

    HTH :)

  9. Steve Omar says:

    When do we expect SP1 to be released?

  10. Daif says:

    I am running a single domain with (2) DCs

    1 – Windows 2000 Server with Exchange 2000 installed

    2 – Windows 2003 SP2

    My Exchange 2007 installation (on a seperate machine) fails because it keeps looking at the Windows 2000 DC and not the 2003 DC.

    Is there any way I can fix this?

  11. Exchange says:

    Daif,

    You can work around by using the /DomainController parameter in setup to explicitly specify the DC you want Setup to use.

    http://technet.microsoft.com/en-us/library/aa997281.aspx

  12. Jeff25 says:

    Daif,

    Are you saying that is ther are any 2000 DC’s you must intall via command line?

  13. Exchange says:

    Jeff,

    You do not have to and it is not always required… however if you do run into a problem as Daif ran into – then running from command line can be a workaround.

  14. Lydia3 says:

    Can any one help me, please?  

    I have single domain with 2 2000DCs and 2 2003DCs.

    Exchange 2000 is installed in one of 2000DCs.

    I did do my homework and checked the prerequicies.

    First, Setup.com /PL ran fine. Then, I had problem to prepare scheme.  It only check 2000DC’s AD and failed because state of AD in 2000 is 5.0 and minimin is 5.2.  So, I disconnect all of my 2000DCs and ran /ps.  It worked; /pad completed as well.

    Now, I ran exe and installation was failed because it kept looking at AD in 2000DC

    According to what I read from "Exchange", I have to use "CMD" to modify my installation.  

    Please confirm my intrepetation is correct.

    If it is right, my switch will be:

    setup.com /mode:install /roles:ca, ht, mb, mt /Targetdir: /dc:win2k3.acme.com /enablelegacyoutlook

    and whole bunch of command.  

    Is it right?

  15. Exchange says:

    Lydia,

    Yes that looks right!

Comments are closed.

Skip to main content