More information on the setup prerequisite change in Exchange Server 2007 SP1


A while ago we told you about the setup prerequisite change in Exchange 2007 SP1 that allows setup to ignore unreachable domains and domains that do not have any domain controllers running a minimum of Windows 2003 SP1. That post is here:

http://msexchangeteam.com/archive/2007/07/30/446579.aspx

In this blog post we’d like to fill you in on the details of this prerequisite change and clear up any confusion about how this check actually works.

In supporting our TAP customers in Exchange, we had several cases that went something like this:

Customer: "Hey, I thought SP1 removed the requirement to have a Windows 2003 SP1 DC in all our domains? Setup is failing and telling me I have a domain that does not meet this requirement. We don’t have Exchange in that domain, what gives?"

Customer sees this in the setup GUI:

Or if from the Command Line Interface (CLI):

Support Services: "Interesting, can we see your setup logs please?"

In looking at these setup logs we noticed a pattern. In each case where setup suggested a domain needed a Windows 2003 SP1 DC, we found Exchange Domain Servers and Exchange Enterprise Servers security groups left over from a previous /domainprep. Though the customer may not have ever deployed any Exchange servers or mailbox enabled users in these domains, they had been prepped for Exchange.

In the setup logs you’ll find this:

[10/18/2007 5:28:41 PM] [0] Setup will run the task ‘test-setuphealth’

[10/18/2007 5:28:41 PM] [1] Setup launched task ‘test-setuphealth -DomainController ‘131224vm1.AP2-ROOT.com’ -DownloadConfigurationUpdates $true -ExchangeVersion ‘8.1.222.2’ -Roles ‘Global’ -ScanType ‘PrecheckInstall’ -SetupRoles ‘Global’ -PrepareDomain $null -PrepareLegacyExchangePermissions $null -PrepareOrganization $true -PrepareSchema $true’

[10/18/2007 5:28:41 PM] [1] Beginning processing.

[10/18/2007 5:29:16 PM] [1] [WARNING] The Active Directory schema will be upgraded if you continue. Verify that the organization is ready for Exchange 2007 by running the Exchange 2007 Readiness Check, which is part of the Exchange Best Practices Analyzer.

[10/18/2007 5:29:16 PM] [1] [WARNING] Cannot find the Recipient Update Service responsible for domain ‘DC=child,DC=AP2-ROOT,DC=com’. New and existing users may not be properly Exchange-enabled.

[10/18/2007 5:29:16 PM] [1] [ERROR] Cannot find at least one domain controller running Windows Server 2003 Service Pack 1 or later in domain ‘DC=child,DC=AP2-ROOT,DC=com’. This could be the result of moving domain controller objects in Active Directory. Check that at least one domain controller running Windows Server 2003 Service Pack 1 or later is located in the ‘Domain Controllers’ organizational unit (OU) and rerun setup.

[10/18/2007 5:29:16 PM] [1] Ending processing.

[10/18/2007 5:29:16 PM] [0] **************

However, this does not tell you exactly why setup wants to update this domain. What is actually happening here?

For each reachable domain, Exchange 2007 SP1 setup looks for the Exchange Domain Servers and Exchange Enterprise Servers groups to determine if this domain needs to be updated for Exchange 2007 SP1. Should it find these objects we require a DC running Windows 2003 SP1 or later to be present.

So how can you tell if this is the problem?

In the Exchange Setup Logs directory we include an ExBPA data file that corresponds to the setup run that failed (by time stamp).

If you open this file in the ExBPA you will see the Domain identified:

Select "Tree Reports" and you’ll get details of the specific groups:

Alternatively you can search the raw .xml files by right clicking on them and Opening them in Internet Explorer, then do a "Find" and search for "Exchange Domain Servers" and/or "Exchange Enterprise Servers". The results will look like this:

How do you recover from this problem?

If you know beyond doubt you have no mailbox enabled user accounts in this domain and you never intend on having them in this domain, then you can safely delete these groups.

However, you must not delete these groups from any domain hosting any Exchange servers, Public Folders, mailbox enabled user accounts, mail enabled users, or contacts! Doing so will break Exchange functionality for these domain objects.

Should you discover you have Exchange objects in this domain you must either upgrade a Domain Controller to Windows 2003 SP1 or migrate the objects to alternate domains, then delete the Exchange groups.

We hope this clears up any confusion about why Exchange Server 2007 SP1 setup calls out a particular domain for updating.

Corbin Meek


Share this post :

Comments (10)
  1. Jason Wilson says:

    When will the release version of SP1 actually be available for download?

  2. Jeremy Milton says:

    Does this mean that even if I never intend on installing an Exchange 2007 server in the domains that have previously been prepped for Exchange 2000/2003 and all I want to do is run the /preparelegacyexchangepermissions switch, those domains still require a Windows 2003 SP1 GC to exist?

  3. Oguz says:

    Please dont let us require another server for the UM service if want it to work with OCS 2007. It’s needing to much server to deploy the solution let it stay on the Exchange box like it is now.

    1 server for OCS 2007

    1 server for Mediation

    1 Edge for OCS

    1 Exchange Server

    1 Edge Transport

    and now UM of exchange on another server.

    Is this correct? If so don’t.

  4. Tom Laciano says:

    Oguz,
    The requirement for a standalone UM server with OCS was requested to allow customers participating in the TAP programs to avoid yet another schema change. The Exchange team put a check into setup that would bypass the schema change if SP1 was being applied to a server with the UM role as the only role. If you are participating in the OCS 2007 TAP program doing voice then you are required to do this to recieve support. If you are participating in the Exchange SP1 TAP you will need to confirm the guidelines for your participation.
    When SP1 reaches RTM the schema change will be required regardless if a server only has the UM role deployed.

    EDIT: So – the requirement for separating the roles was necessary only when deploying Beta versions of Exchange 2007 SP1. Once SP1 releases, this will not be required anymore.

    While this might be an inconvenience for the extra hardware the need for customers and partners to deploy in production required we provide them a suitable alternative.

    Tom Laciano
    Program Manager Unified Communictions

  5. easy1ndian says:

    any update(or date???) on when you will be kind enough to release the actual Exchange 2007 RTM which many of you may fondly call Exchange 2007 SP1? Also, is there a pledge taken by MS that any software released 2007 onwards will have to be 2GB in size and should take 7 GB once installed? There is no denying that MS has helped spread IT faster than any other company or technology. But don’t just jump into too many things at the same time. look at the product releases you had in the past year… Exchage 2007 RTM not complete, Windows Vista not complete, office 2007 not complete and windows 2008 (from my RC0 experience) is going to come as a rape victim having missing cloths and bleeding all over. I appreciate your Read-Only DC role though.

    Windows Vista still lacks customization options when it comes to enterprise. who the hell did the research and told you that XP Pro/Vista Business/Enterprise must(not removable) have a movie maker software? And what about integrating Windows Live and Marketplace. you guys really want another EU law suit?

    Please look into Windows XP SP2 and see if people, especially business require any other features which XP SP2 does not offer

    To top that, incompatibility with your own software??? how the hell did that happen when all the product development were taking place at the same time? Exchange 2007 SP1 on Windows 2003 can not be upgraded to O2K7 on Windows 2008? requires O2K7 sp1 to support installation on Windows 2008? SQL 2005 requires another service pack? Windows XP requires another? even Vista? and all I see in Windows 2008 is your desperate efforts to overcome VMWare monopoly?

    too many versions of Vista? and no noticeable difference at all between these versions? I installed Ultimate on Intel Q35 chipset and tested DreamScene but still image animation is not fluent. why do you need an experience index which, even on business desktops show score 3.0 counting on the integrated graphics? You could have taken that time to improve the monitoring tools in Vista or making user friendly explorer. and the Network management is another pain in everywhere component of Vista which actually does nothing other than trying to diagnose and miserably fail.

    Concentrate on what you have done before you set your scale high and  move on….

    All the best.

  6. johnoneill says:

    newbie, wrong place but somewhat related question i think.

    I have a dead exchange server. Wont doot but I can lok at the drive when connected ide or usb to another system (workstation)

    I dont need the server backup but I need the mail.

    How to I import it to a non exchange account in outlook.

    Any help much appreciated…

    John

  7. Corbin Meek says:

    Jeremy Milton: Short answer is yes.  Setup /preparelegacyexchangepermissions is going to require you to have a Windows 2003 SP1 or higher DC present in any domain with Exchange Domain Servers and Exchange Enterprise Servers groups.  This setup switch relies on the ADDriver, as do the other setup switches, which performs the SP1 DC pre-requisite check.

    Johnoneill: To recover e-mail data from a ‘dead’ Exchange Server you will have to perform a Disaster Recovery of some type.  Data cannot be extracted from the database file in an offline state by normal means.  We recommend you open a Support Incident with PSS if you require assistance.

  8. sam says:

    Any news on when SP1 will be released? I cannot seem to find the beta on any sites (including microsoft & msdn) and I have a massive migration coming up and the importexport pst features would save me a ton of time!

  9. Alexander Zammit says:

    Import/Export of PSTs can be done through ExMerge:

    http://www.exchangeinbox.com/articles/051/ex2k7exmerge.htm

  10. exchangeforce says:

    I have an upcoming migration from Exc2000 to 2007 and I have been waiting on SP1 to help me out. All of my 200+ users have their mail in their local PST’s and they all are laptop users.

    I need some pointers on how to proceed from the end-user standpoint with minimal disruption.

    I have thought about having the users dump their PST files on a network share and then use the import/export  capabilities of SP1. I am also trying to figure out a way to change their Outlook 2003 configuration to use the mailbox online after the PST have been imported without touching their laptops. Any tool that would help me do that?

    Thanks

Comments are closed.