Exchange 2007 SP1 CCR install fails with 0x8007139F on Windows Server 2003 Cluster
There are a few scenarios where a CCR install will fail with a 0x8007139F error on Windows Server 2003. One of those are because the cluster service account does not have permissions to create the CMS computer object. By default the cluster account should not have a issue doing this however, in environments where you have locked down creation by GPO or locked down the computers OU you will see this happen.
So you have your Windows Server 2003 OS and all pre-requisites for Exchange Server 2007 are installed and you have configured failover cluster following How to Create a Windows Server 2003 Failover Cluster for Cluster Continuous Replication. You have also installed an Exchange passive install on both nodes using How to Install the Passive Clustered Mailbox Role in a CCR Environment on Windows Server 2003. This is the method I recommend you use when installing CCR into your environment.
Let’s say that your AD management deems that the accounts that are not Domain Admins cannot create computer objects in AD and they have locked this down via GPO. The account you are using for the cluster service only has "Exchange Organization Administrator" and "Domain Users" as below:
This account was selected to be used during the failover cluster configuration as the cluster service account in the cluster creation wizard during setup. Now you are ready to complete the /newcms command and when you do you get the following error.
If you go into ADUC and check, the account for the CMS is not created. Furthermore, checking the exchange setup logs in <drive>:\ExchangeSetupLogs you find the following errors and entries:
[7/22/2009 6:31:47 PM] [1] [ERROR] Cluster Common Failure Exception: Failed to bring cluster resource Network Name (CCRA) in cluster group ClusterCCRA online. The event log may contain more details. Cluster Common Failure Exception: The group or resource is not in the correct state to perform the requested operation. (Exception from HRESULT: 0x8007139F)
[7/22/2009 6:31:47 PM] [1] Setup is halting task execution because of one or more errors in a critical task.
[7/22/2009 6:31:47 PM] [1] Finished executing component tasks.
[7/22/2009 6:31:47 PM] [1] Ending processing.
[7/23/2009 12:10:27 PM] [0] [WARNING] Setup has made changes to operating system settings that require a reboot to take effect. Please reboot this server prior to placing it into production.
[7/23/2009 12:10:34 PM] [0] End of Setup
[7/23/2009 12:10:34 PM] [0] **********************************************
Also if you look at the configuration container at:
CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=First Organization,CN=Administrative Groups,CN=Exchange Administrative Group (guid),CN=YourAdminGroup,CN=Servers
there will not be a server object created for the CMS
To get around this complete the following steps:
Open ADUC and make sure you select advanced features by going to view and click the advanced features options:
In the container that you are provisioning the computer object, right click and create a new computer object for the CMS name. On the first dialog box you will see the option to set a account that can join the computer object to the domain. Below you will see where I have set this up to be my cluster service account:
Now that the computer account is created, we need to modify the permissions on it.
On the security tab of the computer object you created for the CMS
Select add, in the group or user names box, find the cluster service account you are using.
Assign FULL CONTROL to this computer account for the cluster service account.
Allow time for AD replication.
at this point you can run the /newcms command again and as you see below it will complete successfully!
I have also seen 2 other scenarios where even after setting the above it can fail again with the same 0x8007139F error. If it does then open cluster administrator and check your active resources for the active node and make sure all instances are started. You may find that the First Storage Group/Mailbox Database or the Exchange System Attendant Instance has failed like below:
If you run into this issue, then simply online the failed resource and re-run setup and it will complete successfully.
reference links:
Planning Checklist for Cluster Continuous Replication
How to Create a Windows Server 2003 Failover Cluster for Cluster Continuous Replication
How to Install the Passive Clustered Mailbox Role in a CCR Environment on Windows Server 2003