Microsoft KB Archive/887723

From BetaArchive Wiki

Article ID: 887723

Article Last Modified on 10/27/2006


APPLIES TO

  • Microsoft Exchange 2000 Server Standard Edition


SUMMARY

When you run Setup with the /forestprep switch during a Microsoft Exchange 2000 Server installation, Setup may stop while it is trying to import data from a Microsoft Exchange Server 5.5 computer. Additionally, and you may receive the following message:

Setup failed while installing sub-component Exchange System Manager Snap-ins

This issue may occur when there is no account in the Active Directory directory service that corresponds to an Exchange Server 5.5 account that has top-level folder creation permissions configured on the Exchange Server 5.5 Server computer. This article describes three methods to work around this issue. You can create duplicate accounts in Active Directory, or remove the top-level folder creation permissions before you run Setup, or configure a two-way Connection Agreement.

SYMPTOMS

When you run Setup with the /forestprep switch during a Microsoft Exchange 2000 Server installation, Setup may stop while it is trying to import data from an Exchange Server 5.5 computer. You may receive the following message:

Setup failed while installing sub-component Exchange System Manager Snap-ins with error code 0xC103798A (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again.

The Setup progress window displays the following information above the progress bar:

adc -console -RO -CA "cn=Config CA_SITE_SFOADC1,cn=Active Directory Connections,cn=Microsoft Exchange,cn=Services,cn=Configuration,dc=domain_name,dc=com" -dc domain_controller -log 2


The Exchange Server Setup Progress.log file indicates that the failure occurred after a command to create the temporary Configuration Connection Agreement was issued. The command is referenced in the Setup progress window: 

The command c:\sources\exchsp2\server\setup\i386\exchange\adc -console 
-RO -CA "cn=Config CA_SITE_SFOADC1,cn=Active Directory Connections,cn=Microsoft 
Exchange,cn=Services,cn=Configuration,dc=domain,dc=com" -dc DALDC1 -log 2 
"C:\Active Directory Connector.Log" failed, returning error code -2147467259 (An 
unknown error has occurred.). ScCreateProcess 
(i:\admin\src\libs\exsetup\hiddenw1.cxx:1768)
           Error code 0XC103798A (31114): An internal component has failed.
[14:42:50]  CAtomPtOz::ScLaunchADCToSynchPtWithOzTopology 
(i:\admin\src\udog\exsetdata\components\server\a_ptoz.cxx:462)
           Error code 0XC103798A (31114): An internal component has failed.

CAUSE

This issue may occur when top-level folder creation permissions cannot be replicated from the Exchange Server 5.5 computer. The permissions cannot be replicated because there is no corresponding account in Active Directory for the account settings that the ForestPrep tool tries to replicate.

WORKAROUND

To work around this issue, use one of the following methods.

Method 1: Create duplicate accounts

Create duplicate accounts in Active Directory for each account that has top-level folder creation permissions configured on the Exchange Server 5.5 computer.

To manually create accounts in Active Directory:

  1. Make a note the user or group accounts that have top-level folder creation permissions configured in Exchange Server 5.5:
    1. On the Exchange Server 5.5 computer, start Microsoft Exchange Administrator.
    2. In the left pane, expand the Exchange site container, and then click Configuration.
    3. In the right pane, double-click Information Store Site Configuration.
    4. Click the Top Level Folder Creation tab.
    5. Make a note of the mailboxes and distribution lists that are displayed under Allowed to create top level folders and Not allowed to create top level folders.

      By default, Allowed to create top level folders is set to All, and Not allowed to create top level folders is set to None.
  2. On the Exchange 2000 Server computer, create a user account to match each account that you made a note of in step 1:
    1. Log on by using an account that has Administrator rights, and then start Active Directory Users and Computers.
    2. In the Tree pane, expand Domain_Name, and then right-click Users.
    3. Point to New, and then click User or Group, depending on whether you want to create a user or a group.
    4. In the New Object - User box or in the New Object - Group box, type the appropriate information that matches the account that you are matching from the Exchange Server 5.5 computer.
  3. Use the Active Directory Service Interfaces (ADSI) Edit snap-in to modify the LegacyExchangeDN attribute to match the mailbox that is specified in the Active Directory Connector.log file.

    Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

    To modify the LegacyExchangeDN attribute by using the ADSI Edit snap-in:
    1. View the Active Directory Connector.log file. The Active Directory Connector.log file is located on the root of the drive where the Active Directory Connector service is installed. The following error in the Active Directory Connector.log file indicates that top-level folder creation rights are not being replicated because there is no corresponding account in Active Directory:

      [14:00:00] (2147491968) The ADC is replicating top level folder creation permissions on the source object cn=Site-MDB-Config,cn=Configuration,ou=Site_Name>,o=Org_Name to the Active directory. It was unable to locate a corresponding object on a Windows 2000 global catalog with a LegacyExchangeDN of /o=Org_Name/ou=Site_Name/cn=Recipients/cn=Account_Name. This security setting will not be mapped to the Exchange 2000 MAPI TLH. Ensure that this object exists in Exchange 5.5 and that it has successfully replicated into the Active Directory. (Connection Agreement 'Config CA_Site_Exchange' #500)

    2. Make a note the value of the LegacyExchangeDN attribute. In this example, it is /o=Org_Name/ou=Site_Name/cn=Recipients/cn=Account_Name.
    3. Start the ADSI Edit snap-in.
    4. Expand Domain NC [Domain_Name], and then click CN=Users.
    5. In the right pane, right-click the user or the group that you want to edit, and then click Properties.
    6. On the Attributes tab, click LegacyExchangeDN in the Select a property to view box.
    7. Type the value of the LegacyExchangeDN attribute that you made a note of in step b, and then click Set.
    8. Click OK.

Method 2: Remove the top-level folder creation permissions before you run Setup /forestprep

To remove the top-level folder creation permissions:

  1. On the Exchange Server 5.5 computer, start Microsoft Exchange Administrator.
  2. In the left pane, expand the Exchange site container, and then click Configuration.
  3. In the right pane, double-click Information Store Site Configuration.
  4. Click the Top Level Folder Creation tab.
  5. Make a note of the mailboxes and of the distribution lists (DLs) that are listed under Allowed to create top level folders and under Not allowed to create top level folders.

    By default, Allowed to create top level folders is set to All, and Not allowed to create top level folders is set to None.
  6. Remove the accounts or distribution lists that are specifically configured to allow or to disallow top-level folder creation.

    WARNING Removing accounts from the Allowed to create top level folders box gives All users permission to create top-level folders.
  7. Retry the ForestPrep tool, or run Setup /forestprep again.

    Note If you already clicked Cancel while the ForestPrep tool was running, remove the Organization object from Active Directory, and then clear the Heuristics attribute on the CN=Microsoft Exchange container. To do this, follow these steps.

    Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
    1. Start the ADSI Edit snap-in.
    2. Under Configuration Container, expand CN=Configuration,DC=Domain_name, DC=extension, expand CN=Services, and then expand CN=Microsoft Exchange.
    3. Right-click CN=Organization_Name, and then click Delete.
    4. Right-click CN=Microsoft Exchange, and then click Properties.
    5. On the Attributes tab, click heuristics in the Select a property to view box, click Clear, and then click OK.
  8. After the ForestPrep tool has finished, you can add back the accounts that you removed in step 6. Add the accounts to the Allowed to create top level folders list and to the Not allowed to create top level folders list.

Method 3: Create a two-way Recipient Connection Agreement

Method 3 creates disabled accounts in Active Directory. The disabled accounts have a distinguished name that matches the source Exchange recipients container on the Exchange Server 5.5 computer. If you do not want to prepare for and to configure a Recipient Connection Agreement now, we do not recommend this method. For additional information about how to configure a two-way Recipient Connection Agreement, click the following article number to view the article in the Microsoft Knowledge Base:

296260 How to configure a two-way Recipient Connection Agreement for Exchange Server 5.5 Users


REFERENCES

For additional information about issues that are related to Configuration Connection Agreements, click the following article number to view the article in the Microsoft Knowledge Base:

827618 The Configuration Connection Agreement stops with Event ID 8146 in the Application log in a mixed-mode Exchange 2000 Server environment


Keywords: kbtshoot kbprb KB887723



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/887723&oldid=335438
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki