Cannot install Exchange 2010 SP1 - SeSecurityPrivilege
It's a new server running Windows Server 2008 R2 SP1 in an existing domain that earlier had an Exchange organisation that was subsequently removed (so this is a new Exchange organisation installation). I'm installing Exchange 2010 SP1.
When I run Exchange setup, I get the "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" error in the installation GUI. It also appears in the Setup log, which I have repeated below:
[02-20-2011 17:22:42.0041] [2] Active Directory session settings for 'Set-LocalPermissions' are: View Entire Forest: 'True', Configuration Domain Controller: 'Server.world.local', Preferred Global Catalog: 'Server.world.local', Preferred Domain Controllers: '{ Server.world.local }'
[02-20-2011 17:22:42.0041] [2] Beginning processing Set-LocalPermissions
[02-20-2011 17:22:42.0446] [2] [ERROR] Unexpected Error
[02-20-2011 17:22:42.0446] [2] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
[02-20-2011 17:22:42.0477] [2] Ending processing Set-LocalPermissions
[02-20-2011 17:22:42.0493] [1] The following 1 error(s) occurred during task execution:
[02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
[02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetDirectorySecurity(String path, DirectorySecurity directorySecurity)
at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.ChangePermissions[TTarget,TSecurity,TAccessRule,TRights](XmlNode targetNode, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll)
at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel[TTarget,TSecurity,TAccessRule,TRights](XmlNode permissionSetNode, String targetType, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll)
at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel(XmlNode permissionSetNode)
at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.InternalProcessRecord()
[02-20-2011 17:22:42.0493] [1] [ERROR] The following error was generated when "$error.Clear();
Set-LocalPermissions
" was run: "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.".
[02-20-2011 17:22:42.0493] [1] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
[02-20-2011 17:22:42.0493] [1] [ERROR-REFERENCE] Id=AllRolesCommonFirst___00573a17b6e34c26842a6646830d57fa Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[02-20-2011 17:22:42.0493] [1] Setup is stopping now because of one or more critical errors.
[02-20-2011 17:22:42.0493] [1] Finished executing component tasks.
[02-20-2011 17:22:42.0633] [1] Ending processing Install-BridgeheadRole
I did some research and people said to run policytest.exe to check the security policy. When I run policytest I get this error:
===============================================
Local domain is "domain.local" (DOMAIN)
LookupAccountName returned error 1332
Abnormal exit from PolicyTest
So clearly something is amiss with the AD / Policy config.
Where do I go from here?
February 20th, 2011 2:27pm