Exchange Server 2013 CU5 Installation Issue


Our resident Exchange expert Frank Plawetzki bei Deutschland takes us through a recent production issue he resolved, and as always the devil is in the details!


This week one of the servers we wanted to upgrade with Exchange server 2013 CU5 failed during the prerequisite analysis. The server was running Exchange server 2013 SP1 also known as CU4.

I thought it would be worthwhile sharing in case more people in the field run into the same issue. 

 

Exchange setup creates a log file that is contained in the  <SystemDrive>:\ExchangeSetupLogs folder and is named ExchangeSetup.log.   When we looked at the log file the below content was found. 

Can you spot the issue below?  And saying that the result was a failure does not count…

 

Exchange 2013 CU5 Setup Log Contents

Error in the command line was:

Performing Microsoft Exchange Server Prerequisite Check

Configuring Prerequisites                                 COMPLETED

Prerequisite Analysis                                     FAILED

 

Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 servers.

For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE12ServerWarning.aspx

Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.

For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx

     The Mailbox server role isn't installed on this computer.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx

     The Mailbox server role isn't installed on this computer.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx

     Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx

     You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx

     You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx

     You must use an account that's a member of the Organization Management rolegroup to install the first Client Access server role in the topology.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx

     You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx

     You must use an account that's a member of the Organization Management rolegroup to install or upgrade the first Mailbox server role in the topology.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx

     You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology

 

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx

     You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx

     Setup encountered a problem while validating the state of Active Directory:

Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master.  Run setup with the /prepareAD parameter on a computer in the domain contoso.com and site HQ, and wait for replication to complete.  See the Exchange setup log for more information on this error.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx

     The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

     Either Active Directory doesn't exist, or it can't be contacted.

     For more information, visit: https://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx

The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

 

Troubleshooting The Issue

In this scenario we wanted to understand exactly what had happened.  We talked to the AD architect responsible for preparing the AD schema upgrades that are part of CU5, and he confirmed that the necessary schema and active directory preparation steps which went through without issues.  

Strange, so what else could be up?  My initial thought was that the server might not have been ready to contact active directory.  So, I did a quick check of the configuration details which are important to check in a situation like this anyways:

· Is the logged on user member in the necessary groups?
In my opinion the easiest way to check this is WHOAMI /GROUPS.

· Is the TCP/IP configuration of the Exchange server correct, especially gateway IP address and DNS settings

One of the error message details above when the upgrade failed is a bit misleading, since if mentions the forest functional level, but we checked it anyways since the error message mentioned it. The forest functional level can be checked as described here: Raise the Forest Functional Level

But the forest functional level together with the other TCP/IP settings was OK, so I had a closer look at the error message and the ExchangeSetup.log

 

Exchange 2013 CU5 Setup Log Contents – Episode II (Revenge Of the PFE)

The following line from ExchangeSetup.log hinted to the issue:

[06.04.2014 07:24:48.0532] [0] PrepareAD has either not been run or has not replicated to the domain controller used by Setup.

At this point I double-checked the versions the schema on organization object.

The correct versions are mentioned in this article: Prepare Active Directory and domains

The following table shows the correct valued for each Exchange version:

Exchange 2013 Schema Versions

The schema was already on the correct version 15300.

Whereas, the object version of the organization object was still on 15844 (Exchange 2013 SP1), instead of 15870:

Exchange 2013 ObjectVersion

At the point it was clear that for some reason /PrepareAD in fact did not run successfully.

 

Solution

Running Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms again solved the issue and the object version of the organization object was modified to the correct value of 15870.

 

Root Cause

Naturally, we needed to talk to the AD architect again and verify every step he took. 

He had performed the necessary steps, but used the old syntax of

Setup.exe /PD /IAcceptExchangeServerLicenseTerms

and

Setup.exe /PAD /IAcceptExchangeServerLicenseTerms

 

 

It appears that those parameters did not work correctly, therefore the recommended procedure is using the switches as documented in the help documentation:

Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

and

Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

For more details see: Prepare Active Directory and domains

 


Posted by MPSE editor Rhoderick Milne.  Who is waiting for the inevitable comment that  /IAcceptExchangeServerLicenseTerms  is simply not long enough and should also be made case sensitive.