Exchange 2013 CU9 Upgrade fails during PrepareAD

 am installing Exchange 2013 CU9 into a site with an existing Exchange 2013 Cu3 installation. During the ADPREP phase of installation I am getting the following error.

  PS C:\Users\chilco\Desktop\ex2013> .\Setup.exe /preparead /IAcceptExchangeServerLicenseTerms

Welcome to Microsoft Exchange Server 2013 Cumulative Update 9 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.

Performing Microsoft Exchange Server Prerequisite Check

    Prerequisite Analysis                                                                             COMPLETED

Configuring Microsoft Exchange Server

    Organization Preparation                                                                          FAILED
     The following error was generated when "$error.Clear();
        install-CannedAddressLists -DomainController $RoleDomainController

" was run: "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on DC01.ad.company.com
. This error is not retriable. Additional information: A system flag has been set on the object and does not allow the o
bject to be moved or renamed.
Active directory response: 00002185: SvcErr: DSID-031B0E8F, problem 5003 (WILL_NOT_PERFORM), data 0
 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The server cannot handle directory requests.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, Resu
ltAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOpe
ration, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest reques
t, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRe
quest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest reques
t, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest reques
t, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest reques
t, ADObjectId originalId)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean by
passValidation)
   at Microsoft.Exchange.Management.Deployment.InstallCannedAddressLists.RenameAllGroupsAddressListToAllDistributionList
s()
   at Microsoft.Exchange.Management.Deployment.InstallCannedAddressLists.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePip
elineIfFailed)".


The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the
<SystemDrive>:\ExchangeSetupLogs folder.

And from the Exchange Setup Logs I see this

# [ID = 525068733, Wt = 1, isFatal = True] "Creating Exchange configuration objects in Active Directory."
7/30/2015 4:01:30 PM:
          $policy = Get-RecipientEnforcementProvisioningPolicy -DomainController $RoleDomainController;
          if ($policy -ne $null -and (($policy.Name -ne "Recipient Quota Policy") -or (-not $policy.TargetObjects.Contains("SyncMailbox"))))
          {
            $dlQuota = $policy.DistributionListCountQuota;
            $mbQuota = $policy.MailboxCountQuota;
            $muQuota = $policy.MailUserCountQuota;
            $mcQuota = $policy.ContactCountQuota;
            $pfmbQuota = $policy.PublicFolderMailboxCountQuota;
            $tmbQuota = $policy.TeamMailboxCountQuota;
            $mpfQuota = $policy.MailPublicFolderCountQuota;

            Remove-RecipientEnforcementProvisioningPolicy -Identity $policy.Identity -Confirm:$false -DomainController $RoleDomainController;
            $newPolicy = New-RecipientEnforcementProvisioningPolicy -DomainController $RoleDomainController;
            Set-RecipientEnforcementProvisioningPolicy -Identity $newPolicy.Identity `
              -DistributionListCountQuota $dlQuota `
              -MailboxCountQuota $mbQuota `
              -MailUserCountQuota $muQuota `
              -ContactCountQuota $mcQuota `
              -PublicFolderMailboxCountQuota $pfmbQuota `
              -TeamMailboxCountQuota $tmbQuota `
              -MailPublicFolderCountQuota $mpfQuota `
              -DomainController $RoleDomainController;
            }

# [ID = CommonGlobalConfig___0bacae60e7a44f2790527a71c0f31a7d, Wt = 1, isFatal = True] "Creating Exchange configuration objects in Active Directory."
7/30/2015 4:01:30 PM:install-Container -Name:"Address Lists Container" -DomainController $RoleDomainController
# [ID = 1607811158, Wt = 1, isFatal = True] "Creating Exchange configuration objects in Active Directory."
7/30/2015 4:01:30 PM:install-Container -Name:"Address Lists Container","Offline Address Lists" -DomainController $RoleDomainController
# [ID = CommonGlobalConfig___662cf7f2fd9149118e6f9b763c24ffb6, Wt = 1, isFatal = True] "Creating Exchange configuration objects in Active Directory."
7/30/2015 4:01:30 PM:install-CannedAddressLists -DomainController $RoleDomainController

August 6th, 2015 6:32pm

Hi,

Based on this error: Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on DC01.ad.company.com. This error is not retriable. Additional information: A system flag has been set on the object and does not allow the object to be moved or renamed.

It seems that system flag has been set on some object in exchange. And I searched around, if the following flag is set on the systemFlags attribute of object, the system will not allow the object to be deleted or moved to another domain.

FLAG_DISALLOW_DELETE (0x80000000)

And according to the commands in the Exchange Setup Logs: install-Container-Name:"Address Lists Container","Offline Address Lists" -DomainController $RoleDomainController

I suggest to check the Address Lists Container and "Offline Address Lists" objects in ADSIEdit. The path of these two objects are following:

CN=Address Lists Container,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com

CN=Offline Address Lists,CN=Address Lists Container,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com

Right-click on them and check the systemFlags attribute.

Best Regards.

Free Windows Admin Tool Kit Click here and download it now
August 7th, 2015 2:51am

Hello,

Thanks for the advice, I did see that CN=offline Address Book has the system flag set 0x6000000 (CONFIG_ALLOW_RENAME)    and that CN=Address Lists Container has system flag 0x4000000

I did not see any 0x8000000 system flags in the configuration.  Is this potentially what is blocking the operation?  If so how do I remove this flag in ADSI or lpd?  

From looking at other Exchange 2013 installs I have in production these two flags are common on these objects.


August 7th, 2015 11:51am

Hello,

Thanks for the advice, I did see that CN=offline Address Book has the system flag set 0x6000000 (CONFIG_ALLOW_RENAME)    and that CN=Address Lists Container has system flag 0x4000000

I did not see any 0x8000000 system flags in the configuration.  Is this potentially what is blocking the operation?  If so how do I remove this flag in ADSI or lpd?  

From looking at other Exchange 2013 installs I have in production these two flags are common on these objects.


Free Windows Admin Tool Kit Click here and download it now
August 7th, 2015 3:49pm

I am unable to find any object or folder within ADSI Edit that has a system flag that would prevent performing the Setup.exe /PrepareAD for Cu9....
August 19th, 2015 12:48pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics