Odd Exchange 2007 Installation Error
Hello, I'm having a strange error when trying to install Exchange 2007. When the installer is doing the Organization Preparation at the Completition stage it throws the following message: Error: There was an error when executing 'ldifde.exe' to import schema file 'C:\Documents and Settings\user\Desktop\ex\Setup\ServerRoles\Common\Setup\Data\PostExchange2003_schema0.ldf'. Error code: 8235. More details can be found in the error file 'C:\Documents and Settings\user\Local Settings\Temp\1\ldif.err' When I look at the log file, it has the following contents: Entry DN: CN=ms-Exch-ELC-Expiry-Action,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=com Add error on line 1: Referral The server side error is "A referral was returned from the server." An error has occurred in the program I've spent most of the day trying to figure out what the errors - "A referral" or error code 8235 - actually mean, but to no avail. Also, some other information. I still have NOT been able to find an answer to this problem . The only thing worth mentioning that I forgot in my past post is that for some reason my AD had a Microsoft Exchange entry under Active Directory Sites and Services -> Services. Yet, we had never even attempted to install Exchange 2003, though it seemes as if forestPrep had been run before. I deleted this entry before trying my install. Just like that, I pushed the delete button. I'm wondering if maybe whatever had run forestPrep maybe did some changes to the schema/organization/registries, and since I did a very brutal removal of the Microsoft Exchange entry... maybe that has to do with my problem? Some odd remains of that "ghost Exchange 2000/2003 installation"? Also, I am trying to run the Exchange Best Practices tool in order to do a Readiness scan, but supposedly it needs to connect to an Exchange Organization... yet, I still have not installed Exchange... how can I run this scan?Can anyone help me with this or point me in the right direction? Thanks in advance!
March 30th, 2007 11:24pm

I have a simular problem. 2007 installation finds a 2003 server in the domain thats not there. i've checked the domain, dns, wins, registry but cant find where 2007 finds the 2003 server. we've tried installing a 2003 server before but removed that one again, now were installing 2007, but no go... anyone got an idea? thnx.. Rob.
Free Windows Admin Tool Kit Click here and download it now
April 4th, 2007 3:23pm

Try this KB Article. The bit you probably need is headed Remove the Exchange 2003 server from Active Directory and involves using ADSI Edit. At least this will tell you whether AD still contains a reference to an Exchange server.
April 6th, 2007 5:52am

I had already checked it, and nothing of that applies to my case because we never had a previous Exchange installation. Nevertheless I checked for the registry entries and the ADSI tool, but nothing mentioned in the KB Article appeared.
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2007 6:59pm

Hmm... Forget the registry, what else can you see in ADSI Edit? 1. In the configuration container is there: CN=Services CN=Microsoft Exchange If so, what is in the treebelow that? 2. In the default domain container, is there: CN=Microsoft Exchange System Objects If so, what is in the tree below that? 3. In the Schema container, is there anything that commences with: CN=ms-Exch- If so, how far into the Exchange 2007 setup did you get? ==== Note: Maybe we're looking at two different problems here, Rob's may be a different set of circumstances.
April 11th, 2007 4:37am

A rambling thought for you ... The error text you're getting is "A referral was returned from the server" . This is the text for LDAP error 0x9.Itsuggests that the LDAP session to the DC established by setupmay have theLDAP_OPT_REFERRALS option set to LDAP_OPT_OFF and a referal has taken place. An examplemight be a schema lookup against a DC that is not carrying the Schema role and must refer to another DC elsewhere. Is the server you are trying to install on in a site that has a DC with limited roles ? Suggest you run DcDiag(or the reskit DumpFSMOs tool) from the server you are trying to install on and figure out what is where, specifically what DC it is connecting to and what rolesthat is carrying.
Free Windows Admin Tool Kit Click here and download it now
April 11th, 2007 5:58am

Hello Bondi, thanks for the heads up!Well, using the ADSI Tool there USED to be a CN=Microsoft Exchange entry under CN=Services in the configuration container, but I was told to simply delete it - just like that, select it and press Del, heh. My instincts told me that probably wasn't the proper way to dispose of it... maybe I should've listened to them, hehehe. This was before I even ran the Exchange 2007 installation.The problem then was that the Exchange 2007 installer could not go past the "Introduction" screen - the one before the License Agreement - because it said the Exchange Organization name was invalid. In msexchange.org forums they told me it was because my domain thought I had a previous Exchange installation, and that I should simply delete that object.In the default domain container there actually is a CN=Microsoft Exchange System Objects, but there is nothing in it. Completely deserted like a ghost town.In the Schema container, there are a lot of CN=ms-Exch- entries. When I was finally able to get after the Introduction screen on the Exchange 2007 installation I was able to get to the Readiness Check; obviously I had to download some patches. After that I was able to get to the next screen, Progress/Completition and it is in the Organization Preparation Step where it fails and gives me the error I originally stated in this thread.I ran, like you suggested, dcdiag and dumpfsmos. When running dcdiag I received a failure on the following tests:KnowsOfRoleHolders.- For the Role Scheme Owner and Role Domain Owner it gives me the following warnings: Role Schema Owner = CN=NTDS Settings\0ADEL:7a3c77a4-12cb-44c6-a3f9-d1a4d8282e80,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=com Warning: CN=NTDS Settings\0ADEL:7a3c77a4-12cb-44c6-a3f9-d1a4d8282e80,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=com is the Schema Owner, but is deleted. Role Domain Owner = CN=NTDS Settings\0ADEL:7a3c77a4-12cb-44c6-a3f9-d1a4d8282e80,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=com Warning: CN=NTDS Settings\0ADEL:7a3c77a4-12cb-44c6-a3f9-d1a4d8282e80,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=com is the Domain Owner, but is deleted.systemlog.- It doesn't clearly say why it fails, it just show that some "Error Event ocurred. EventID: 0x00000457 (Event String could not be retrieved)." *shrugs*With dumpfsmos, it just let's me know about the roles the server knows. Interestingly enough the Schema and Domain rules have something like this:"Schema - CN=NTDS Settings\0ADEL:7a3c77a4-12cb-44c6-a3f9-d1a4d8282e80,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=comDomain - CN=NTDS Settings\0ADEL:7a3c77a4-12cb-44c6-a3f9-d1a4d8282e80,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=com"This leads me to believe one of the next obvious questions will be: "Have you changed servers recently?" to which the answer is: yes. We changed the DC from one old computer to a newer one. To do so, we transfered the roles from the OldDC to a 3rd Server we had around, then turned off the OldDC, turned on the NewDC and then seized the roles from the NewDC. Afterwards we shut down this 3rd Server used just for transfering the roles.The reason we did it this way was so the OldDC and the NewDC could use the same name and IP address. To be completely honest, back when this was done I wasn't too involved with the site administration, so I lack the knowledge of why exactly the previous people in charge wanted it to be that way.So, my wild guess would be that the Scheme changes the Exchange 2007 wants to do can't be done because , like you mentioned, the server itself does not acknowledge itself as having the Scheme Master role. Thus the question is: how can I seize this two roles: Scheme and Domain?I've looked at some information on the web, but most of it assumes that I'm trasnfering with two online servers; yet this is not quite the case here. Is there a way I can force the NewDC to seize those roles out of the blue?Thanks for everything!
April 11th, 2007 8:41pm

Hey there!Well, the installation is going on its merry way as I post this Turns out that, thanks to Boni's help, I was able to realize the current DC did not have the Schema and Domain Master roles. So I just seized them using ntdsutil and off our jolly way we go.I believe my assumptions were correct: the installation could not prepare the domain's Schema because it was not able to find the Schema master - which was the old DC. After seizing them, the new DC was able to do everything by itself.The article I used to seize the roles is called "Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller" from Microsoft. It can be located at http://support.microsoft.com/kb/255504 - if you're looking for something more visual, you can try "How can I forcibly transfer (seize) some or all of the FSMO Roles from one DC to another?" located at http://www.petri.com.il/seizing_fsmo_roles.htm.I want to thank everyone who posted in this thread to help me find my way amongst this forest - pun intended.Thanks, Cheeri-o!
Free Windows Admin Tool Kit Click here and download it now
April 11th, 2007 9:48pm

I am still fighting the same issue. I have seized the roles but my installation stops with the same error. the following is from my ldif.err. Entry DN: CN=Locale-ID,CN=Schema,CN=Configuration,DC=twu,DC=orgAdd error on line 155: Insufficient Rights The server side error is "Insufficient access rights to perform the operation." An error has occurred in the program and I have this in the ldif.log 8: CN=Locale-ID,CN=Schema,CN=Configuration,DC=twu,DC=orgEntry DN: CN=Locale-ID,CN=Schema,CN=Configuration,DC=twu,DC=orgAdd error on line 155: Insufficient Rights The server side error is "Insufficient access rights to perform the operation." 7 entries modified successfully. An error has occurred in the program Please help!!!!
May 6th, 2008 9:55pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics