Cannot install Exchange 2010 SP1 - SeSecurityPrivilege
It's a new server running Windows Server 2008 R2 SP1 in an existing domain that earlier had an Exchange organisation that was subsequently removed (so this is a new Exchange organisation installation). I'm installing Exchange 2010 SP1. When I run Exchange setup, I get the "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" error in the installation GUI. It also appears in the Setup log, which I have repeated below: [02-20-2011 17:22:42.0041] [2] Active Directory session settings for 'Set-LocalPermissions' are: View Entire Forest: 'True', Configuration Domain Controller: 'Server.domain.local', Preferred Global Catalog: 'Server.domain.local', Preferred Domain Controllers: '{ Server.domain.local }' [02-20-2011 17:22:42.0041] [2] Beginning processing Set-LocalPermissions [02-20-2011 17:22:42.0446] [2] [ERROR] Unexpected Error [02-20-2011 17:22:42.0446] [2] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0477] [2] Ending processing Set-LocalPermissions [02-20-2011 17:22:42.0493] [1] The following 1 error(s) occurred during task execution: [02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetDirectorySecurity(String path, DirectorySecurity directorySecurity) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.ChangePermissions[TTarget,TSecurity,TAccessRule,TRights](XmlNode targetNode, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel[TTarget,TSecurity,TAccessRule,TRights](XmlNode permissionSetNode, String targetType, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel(XmlNode permissionSetNode) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.InternalProcessRecord() [02-20-2011 17:22:42.0493] [1] [ERROR] The following error was generated when "$error.Clear(); Set-LocalPermissions " was run: "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.". [02-20-2011 17:22:42.0493] [1] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0493] [1] [ERROR-REFERENCE] Id=AllRolesCommonFirst___00573a17b6e34c26842a6646830d57fa Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup [02-20-2011 17:22:42.0493] [1] Setup is stopping now because of one or more critical errors. [02-20-2011 17:22:42.0493] [1] Finished executing component tasks. [02-20-2011 17:22:42.0633] [1] Ending processing Install-BridgeheadRole I did some research and people said to run policytest.exe to check the security policy. When I run policytest I get this error: =============================================== Local domain is "domain.local" (DOMAIN) LookupAccountName returned error 1332 Abnormal exit from PolicyTest So clearly something is amiss with the AD / Policy config. Where do I go from here?
February 20th, 2011 2:26pm

I managed to solve the SeSecurityPrivilege issue by going through all of my Group Policy Object files and removing the definitions for the "Manage the Auditing and Security Log" policy. The policy was defined in a few of my GPOs and contained two unidentified and unresolved SID entries. I now have Exchange 2010 installed okay, but I still get LookupAccountName 1332 errors when I run policytest.
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2011 10:53am

Hi, Thank you for your update and I'm glad to hear that Exchange server is installed successfully. The solution is useful if other forum user has the same problem in future. Meanwhile, regarding to the LookupAccountName 1332 error, please refer to the following steps to troubleshoot the issue. 1) Open the Default Domain Controllers Security Settings snap-in on the domain controller specified in the event description. 2) In the console tree, under Security Settings, expand Local Policies, and then click User Rights Assignments. 3) In the results pane, double-click Manage auditing and security log. Verify that both the Exchange Servers group and the Exchange Enterprise Servers group are listed. 4) Make sure that the Exchange server is still a member of the Exchange Domain Servers group. Also, make sure that the Exchange Domain Servers group is a member of Exchange Enterprise Servers group. 5) Make sure that the group permissions are inherited by the Microsoft Exchange computer account. Besides, please run NetDiag and DCDiag to check whether the network connection and dc connection is all right.(If any error occur, please post here.) Thanks. Novak Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 24th, 2011 9:20pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics