| Author | Messages | |
tkern@xxxx.yyy
 | | 08/26/2005 4:55 AM |
| I'm trying to install exchange 2k with the diasterrecovery switch. I have no connectivity to the Schema master FSMO at the moment and exchange keeps telling me it can't go forward because it can't contact the Schema master.
Now, i'm not trying to run forestprep(this has already been done). I'm just reinstalling an exchange server that exists in AD already?
Why would it need the schema master?
Does someone know of a MS document that says installing subsequent exchange servers or reinstalling an existing server or running the diasterrecovery switch requires connectivity to the schema master?
because this makes no sense to me. It doesn't need to write to the schema. Forestprep has been run and there is an existing exchange org in the forest. I'm running this reinstall as a EA and exchange full admin.
Help?!!
Thanks | | | |
| deji
Posts:150
| | 08/26/2005 5:14 AM |
| The install process still needs to write stuff to the Schema.
Try this:
On the DC being used by the Exchange server during the install (you can find
this by doing "set L" from a cmd prompt) add the following reg value:
HKEY LOCAL MACHINE\System\Current Control Set\Services\NTDS\Parameters
"Schema Update Allowed"
Type - REG_DWORD
Value - 1
Don't know if it'd work, considering the other problems you've been having to
date. But it's worth a try.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Kern, Tom
Sent: Fri 8/26/2005 9:48 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Exchange issues again(ot)
I'm trying to install exchange 2k with the diasterrecovery switch. I have no
connectivity to the Schema master FSMO at the moment and exchange keeps
telling me it can't go forward because it can't contact the Schema master.
Now, i'm not trying to run forestprep(this has already been done). I'm just
reinstalling an exchange server that exists in AD already?
Why would it need the schema master?
Does someone know of a MS document that says installing subsequent exchange
servers or reinstalling an existing server or running the diasterrecovery
switch requires connectivity to the schema master?
because this makes no sense to me. It doesn't need to write to the schema.
Forestprep has been run and there is an existing exchange org in the forest.
I'm running this reinstall as a EA and exchange full admin.
Help?!!
Thanks
.+w?�B��+v*����r�z� Vr�yi??
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| tkern@xxxx.yyy
| | 08/26/2005 5:57 AM |
| -----Original Message-----
From: deji@xxxxxxxxxxxxxx [mailto:deji@xxxxxxxxxxxxxx]
Sent: Fri 8/26/2005 1:09 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange issues again(ot)
> | | | |
| tkern@xxxx.yyy
| | 08/26/2005 6:24 AM |
| -----Original Message-----
From: Kern, Tom on behalf of Kern, Tom
Sent: Fri 8/26/2005 1:56 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange issues again(ot)
> | | | |
| deji
Posts:150
| | 08/26/2005 6:27 AM |
| >> Sheesh, i'm getting to hate Exchange
That's a very common feeling. Eventually people either come to love it or
learn to live with it - ask Joe :-)
Anyway, your question is broad, but let me briefly explain this:
When you ran ForestPrep, you are just creating (empty) place-holders in the
Schema for Exchange-specific objects and attributes. Things like
ms-Exch-Information-Store, ms-Exch-IP-Address, like Org name, server name,
Routing Groups, etc.
You were putting the structure in place, so to speak. Now, that you are
really installing Exchange, the install process needs to supply values for
some of those "place-holders". We need to plug in the name of the Exchange
server(s), the admin/routing group info, things like that. You follow?
If you REALLY must know what's done when and where, the Exchange Server
Technical Reference is a good (and informative) weekend-killer. You should be
able to download it from the exchange site on microsoft.com/exchange
Good luck. Now I have to bail.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Kern, Tom
Sent: Fri 8/26/2005 10:56 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Exchange issues again(ot)
Can you tell me what setup needs to write to the schema?
Isn't this kinda a bug or at the least a big annoyance that everytime you
need to recover or install a new exchange server, you need connectivity to
the schema master?
What would a reinstall need to write, anyway?
its already in AD.
What the heck is it doing?
whats the point of forestprep then?
Sheesh, i'm getting to hate Exchange.
Thanks, i'll see if your "hack" works and write back.
-----Original Message-----
From: deji@xxxxxxxxxxxxxx [mailto:deji@xxxxxxxxxxxxxx]
Sent: Fri 8/26/2005 1:09 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange issues again(ot)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| tkern@xxxx.yyy
| | 08/26/2005 6:30 AM |
| -----Original Message-----
From: deji@xxxxxxxxxxxxxx [mailto:deji@xxxxxxxxxxxxxx]
Sent: Fri 8/26/2005 2:17 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange issues again(ot)
> | | | |
| dlong@xxxx.yyy
| | 08/26/2005 7:26 AM |
| Do you just not have rights or do you not
even have connectivity?
There isn™t much information about exactly
what you are doing and what has been done, to have a good explanation.
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kern, Tom
Sent: Friday, August 26, 2005 1:56
PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Exchange
issues again(ot)
Can you tell me what setup needs to write to the schema?
Isn't this kinda a bug or at the least a big annoyance that everytime
you need to recover or install a new exchange server, you need connectivity to the schema master?
What would a reinstall need to write, anyway?
its already in AD.
What the heck is it doing?
whats the point of forestprep then?
Sheesh, i'm getting to hate Exchange.
Thanks, i'll see if your "hack" works and write back.
-----Original
Message-----
From: deji@xxxxxxxxxxxxxx
[mailto:deji@xxxxxxxxxxxxxx]
Sent: Fri 8/26/2005 1:09 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange
issues again(ot) | | | |
| katherinec@xxxx.yyy
| | 08/26/2005 8:17 AM |
| Hi Tom,
Long-time lurker on the AD mailing list and after seeing your posts in
recent weeks I really feel for you!!
Anyway, this particular situation got me interested and so I thought
that I'd dig around to see what I could find. The closest article that I
could find of relevance was http://thelazyadmin.com/2005/01/exchange-disaster-recovery.htm where the guy mentions:
"Even though forestprep and domainprep was run when you
first installed Exchange, you will need to run them again to reset some security
accounts. Because it is not updating the Schema, it is a lot faster than you may
remember. Now on to the Exchange install. Run the following command to enter
disaster recovery mode: setup.exe
/disasterrecovery"I don't have a
lab handy at the moment, but it sounds like the above could at least explain
what you're seeing, namely that unless the Schema Master is available, the
disasterrecovery switch won't work. Unfortunately I don't know of any way
to trick Exchange into thinking that it's performed the ForestPrep and
DomainPrep.
Cheers,
Katherine
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kern,
TomSent: 26 August 2005 23:53To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Exchange issues
again(ot)
No, I already have an exchange org installed!!!
I have 10 exchange servers in my AD.
I'm just trying to recover one with the /disasterrecovery switch instead of
restoring system state to dissimallar hardware.
I'm not introducing exchange into AD for the first time.
I have an exchange org and admin group and servers already in place.
I'm only trying to recover one.
Now, again, before you bail, why does setup need to write to the schema in
this case?
Exchange is already here. the place holders have been filled with "real"
objects.
Help me please!!
Ahhhhh!!!
-----Original Message----- From:
deji@xxxxxxxxxxxxxx [mailto:deji@xxxxxxxxxxxxxx] Sent: Fri
8/26/2005 2:17 PM To: ActiveDir@xxxxxxxxxxxxxxxxxx Cc:
Subject: RE: [ActiveDir] Exchange issues
again(ot) | | | |
| tkern@xxxx.yyy
| | 08/26/2005 8:18 AM |
| -----Original Message-----
From: Douglas M. Long [mailto:dlong@xxxxxxxxxxx]
Sent: Fri 8/26/2005 3:25 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange issues again(ot)
> | | | |
| michael@xxxx.yyy
| | 08/26/2005 8:50 AM |
| I've asked "Those Who Should Know". If they deign to
respond, I'll let you know. :-)
If I were a betting man (and I usually am, but not on
this), I would bet that Exchange setup connects specifically to the schema
master role holder in order to verify that the schema has been updated with
forestprep. It would choose the schema master in order to avoid the potential
replication delays that could be associated with consulting the "local DC" (that
is, that the changes may not have replicated from the schema master to the local
DC).
While it's arguable that it should check the local DC
first, and if it doesn't find it there, then check the schema master -- I could
see some developer saying "screw that".
That's my best guess.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kern,
TomSent: Friday, August 26, 2005 3:45 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Exchange issues
again(ot)
I have no rights nor connectivity.
I ran adsiedit.msc as localsystem on a child dc and changed the
fSMORoleHolder attrib on the schema NC to point to the child dc i do have
connectivity to and it worked.
Mind you- THIS IS A TEST FOREST. I WOULD NEVER DO THIS IN PRODUCTION.
still, i'd like to know why setup needs to write to the schema AFTER
exchange has already been installed and set up and you have an org and exchange
servers running.
Does it do this everytime you set up a new exchange server?
what is it writing?
I'd love to know.
Thanks alot!
-----Original Message----- From: Douglas M. Long
[mailto:dlong@xxxxxxxxxxx] Sent: Fri 8/26/2005 3:25 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx Cc: Subject:
RE: [ActiveDir] Exchange issues again(ot) | | | |
| listmail
Posts:497
| | 08/27/2005 6:50 AM |
| Love it? People love that thing? Good god, I would beat it with a stick if I
could get a good solid view of it. I have to admit, it does deliver
messages, when it works that is. That just isn't good enough for me. I seem
to see Exchange more when it isn't working or is working half ass though I
have finally seen some good running installs but it took a lot of work to
get them that way, too much in my opinion.
Setting up Exchange to run in a large org (hundreds of thousands) is
ridiculously complicated and needlessly over taxed with bad assumptions on
what Exchange can and should do and how permissions should work. Anyone who
says Exchange is great has not spent much time actually looking at the
implementation of the whole ACLing implementation. I find I have no end of
bad thoughts when I see more and more new features being dumped into the
product when its core basic features are so flipping unstable and difficult
to deal with. I think the product has the capability to be great, certainly
better than most anything else out there, however it needs to start by
bringing it into the light (and the developers) and show key critical people
how it is really used and how painful it can be to troubleshoot what should
be simple things to troubleshoot, like exactly what queries is DSACCESS
choking on right now? What DLs are being expanded right now? Etc.
Overall, it would seem that most people think it runs well because they
don't know what to look for to see if it is indeed broke. Exchange has this
ability to run ok even when multiple things are broken or misconfigured
right up until you hit the point where it won't run and then it hits the
floor hard and you are sitting there asking yourself, what?s wrong and MS is
asking for a memory dump. Unfortunately when it gets in this state, most
people don't understand how it was supposed to be working, they just knew it
worked before, so they have little understanding of what to look at to see
why it isn't working. There are very few people, in my opinion, that can
really sit down and look at Exchange and the AD Interactions of Exchange and
understand what it is doing right and what it is doing wrong at any given
moment. I am not one of them. I am slowly trying to become one of them but
mostly just from a how is AD being abused side of it. I have no desire to
understand mail routing, etc.
Anyway, back to people not knowing what to look for to see if it is indeed
broke. I just submitted a bug through multiple channels about the Directory
Access Tab (and the backend WMI Exchange_DSAccessDC class) being entirely
untrustworthy unless you just restarted the Microsoft Exchange Management
Service. I posted it in a couple of the Exchange NNTP groups as well with
full repro steps as that is what the SP2 CTP said to do. This is something
Exchange admins around the world have been using since Exchange 2000 SP2.
And it doesn't work right.
The funny thing with this bug is nearly everyone (MS and non-MS) I asked
about it said one of the following:
1. Yeah I never thought that thing was reporting properly.
2. This is a known issue.
3. This is really familiar to me, I think this is a known issue.
4. I saw this back in Exchange 2000. You mean it isn't fixed in Exchange
2003?
I stumbled on this completely by accident in my home lab when testing a
theory on how to force an Exchange server to fail its config DC to an out of
site DC via IPSEC IP blocking when the insite DC was still responding, but
in a piss poor way. I noticed that the failover was occurring because
DSACCESS and the event log and a cache dialed down to 1 second turnover were
all telling me it was happening not to mention queries going to the out of
site DC showing it. But neither WMI nor the Directory Access tab ever
reflected a change, even after 26 hours it didn't report a change.
I then went off on that tangent to check it out because it quite frankly
scared me knowing full well some people monitor their Exchange servers
through the WMI interfaces and watch for changes in the dsaccess lists to
determine there are DC issues. After a while I finally tied it down to the
Exchange Management service and that restarting it, not the SA, would cause
the list to immediately update. This meant it wasn't a DSACCESS issue, it
was a data reporting issue. DSACCESS could have been completely on fire but
the reporting mechanism would say everything was five by five. The reporting
mechanism could tell you that DC1 was being used so you take down DC2 for
work only to find you blew up Exchange because it was really using DC2...
Not only does this bug suck, it is actually dangerous. I would rather have
to guess what DCs are being used and know it was a guess than be told
incorrectly but in an authoritative way what was being used.
On the positive side, the bug I fought to get recognized as a bug back in
2003/2004 has finally been tackled and hopefully killed in SP2.
Directory
The DSAccess API has been changed to return a list of all servers in the
topology with their home domain DNS names. This causes the DSProxy RFR
service to return global catalogs only from the root directory of the
mailbox of the client.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
Sent: Friday, August 26, 2005 2:18 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Exchange issues again(ot)
>> Sheesh, i'm getting to hate Exchange
That's a very common feeling. Eventually people either come to love it or
learn to live with it - ask Joe :-)
Anyway, your question is broad, but let me briefly explain this:
When you ran ForestPrep, you are just creating (empty) place-holders in the
Schema for Exchange-specific objects and attributes. Things like
ms-Exch-Information-Store, ms-Exch-IP-Address, like Org name, server name,
Routing Groups, etc.
You were putting the structure in place, so to speak. Now, that you are
really installing Exchange, the install process needs to supply values for
some of those "place-holders". We need to plug in the name of the Exchange
server(s), the admin/routing group info, things like that. You follow?
If you REALLY must know what's done when and where, the Exchange Server
Technical Reference is a good (and informative) weekend-killer. You should
be able to download it from the exchange site on microsoft.com/exchange
Good luck. Now I have to bail.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Kern, Tom
Sent: Fri 8/26/2005 10:56 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Exchange issues again(ot)
Can you tell me what setup needs to write to the schema?
Isn't this kinda a bug or at the least a big annoyance that everytime you
need to recover or install a new exchange server, you need connectivity to
the schema master?
What would a reinstall need to write, anyway?
its already in AD.
What the heck is it doing?
whats the point of forestprep then?
Sheesh, i'm getting to hate Exchange.
Thanks, i'll see if your "hack" works and write back.
-----Original Message-----
From: deji@xxxxxxxxxxxxxx [mailto:deji@xxxxxxxxxxxxxx]
Sent: Fri 8/26/2005 1:09 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc:
Subject: RE: [ActiveDir] Exchange issues again(ot)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:497
| | 08/27/2005 6:57 AM |
| I would bet along those lines as well. I have seen multiple
similar cases in Exchange where the Schema rights were needed, I think ADC comes
to mind right off as I seem to recall getting into a rather pissy mood one day
when I had to give Exchange admins Schema Admin rights to install another ADC
instance.
If it were simply a case of I need to look that is fine,
you don't need schema admin for that. The fact that they say, I need to look,
and you need to be a schema admin in the off chance that I need to update
something is crap and in my opinion poor design though if I were the designer I
would rather it be called a bug.
This
whole thing gets back to assumptions made in that system. More times than not I
am usually trying to figure out why in the world the assumptions are what they
are. It sometimes makes me think that they polled the customers by going into
three local mom and pop stores and asked them how they configured their Exchange
systems.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Michael B.
SmithSent: Friday, August 26, 2005 4:50 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Exchange issues
again(ot)
I've asked "Those Who Should Know". If they deign to
respond, I'll let you know. :-)
If I were a betting man (and I usually am, but not on
this), I would bet that Exchange setup connects specifically to the schema
master role holder in order to verify that the schema has been updated with
forestprep. It would choose the schema master in order to avoid the potential
replication delays that could be associated with consulting the "local DC" (that
is, that the changes may not have replicated from the schema master to the local
DC).
While it's arguable that it should check the local DC
first, and if it doesn't find it there, then check the schema master -- I could
see some developer saying "screw that".
That's my best guess.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kern,
TomSent: Friday, August 26, 2005 3:45 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Exchange issues
again(ot)
I have no rights nor connectivity.
I ran adsiedit.msc as localsystem on a child dc and changed the
fSMORoleHolder attrib on the schema NC to point to the child dc i do have
connectivity to and it worked.
Mind you- THIS IS A TEST FOREST. I WOULD NEVER DO THIS IN PRODUCTION.
still, i'd like to know why setup needs to write to the schema AFTER
exchange has already been installed and set up and you have an org and exchange
servers running.
Does it do this everytime you set up a new exchange server?
what is it writing?
I'd love to know.
Thanks alot!
-----Original Message----- From: Douglas M. Long
[mailto:dlong@xxxxxxxxxxx] Sent: Fri 8/26/2005 3:25 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx Cc: Subject:
RE: [ActiveDir] Exchange issues again(ot) | | | |
| ZJORZ
Posts:133
| | 09/09/2005 12:41 PM |
| This is a "builtin feature" of E2K...
XADM: Exchange 2000 Installation Requires Access to Schema Master (http://support.microsoft.com/?kbid=280178)
http://www.petri.co.il/exchange_disasterecovery_switch.htm
It is a check the exchange schema update has been applied
I also remember another buggy feature of resetting custom permissions on the exchange container to the default permissions. Not sure it that was resolved by some hotfix
Cheers,
Jorge
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kern, Tom
Sent: Friday, August 26, 2005 18:48
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Exchange issues again(ot)
I'm trying to install exchange 2k with the diasterrecovery switch. I have no connectivity to the Schema master FSMO at the moment and exchange keeps telling me it can't go forward because it can't contact the Schema master.
Now, i'm not trying to run forestprep(this has already been done). I'm just reinstalling an exchange server that exists in AD already?
Why would it need the schema master?
Does someone know of a MS document that says installing subsequent exchange servers or reinstalling an existing server or running the diasterrecovery switch requires connectivity to the schema master?
because this makes no sense to me. It doesn't need to write to the schema. Forestprep has been run and there is an existing exchange org in the forest. I'm running this reinstall as a EA and exchange full admin.
Help?!!
Thanks
.+-wȆi0g-튺+�Ö¬�²@B�m�ä +v*㹤�´E��௬�²r�z�m 䧚Vr�y&ã±-튾4ibé²½b®Š
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
.+-�w�i���+������@B�m����+�*�ˊ��������r��z�m����V�r��y����4���i����� | | | |
|
|