Skip to main content

Problems installing a CCR CMS Exchange 2007

25582_exchange2007logo I’ve been meaning to Blog About this for a while, before Exchange 2010 comes out. So here goes…

I had pre provisioned five exchange objects, two for servers meant to hold the HUB/CAS roles, two for the CCR Cluster Nodes and one for the CMS. The delegated local admin had installed the HUB/CAS servers with no issues, but hit a problem after installing the mailbox role on the first node, the CMS creation failed with the following message.

Clustered Mailbox Server ......................... FAILED
The computer account 'Server' was created on the domain controller
'\\fsmoholder.domain.suffix', but has not replicated to the desired domain
controller (localdc.domain.suffix) after waiting approximately 60 seconds
. Please wait for the account to replicate and re-run setup /newcms.
The Exchange Server Setup operation did not complete. For more information, visit and enter the Error ID.
Exchange Server setup encountered an error.

The local admin tried a few things to discover what the problem was and resolve it himself with no success. So passed the problem back.

Waiting for replication as indicated in the error message, doesn’t solve the issue. So I checked the obvious oversights for causes of the problem.

  • Service Account for the Cluster has full control of the CMS Computer Object in AD
  • Manually re-creating the Network Name Resource in Cluster Manager before waiting for a replication cycle and then running setup /newcms with all the required switches again.
  • Checking TCP Chimney was disabled. This can cause timeouts when talking to Domain Controllers, especially on Exchange Boxes.
  • Removing all traces of exchange from the nodes. (Ensuring v8.0 registry hive is removed is often overlooked) Removing the provisioned objects from AD and going through the motions of installing again.

After a few hours of troubleshooting I logged a call with MS, getting the same error numerous times. So they went through a very similar troubleshooting process that I’d been through and reached the same point.

I should explain that this exchange installation was sitting in an AD Site with a 15 minute replication delay from the DC containing all the FSMO roles.

Microsoft eventually helped us get this resolved after a day of troubleshooting.

The problem here lies with the Server 2003 Cluster Service, not Exchange. When a network name resource is created, it insists on going to the PDC Emulator to take control / create the Computer Object. This means that when attempts to use the computer object on a local DC occur, it gets locked out, because the password set on the PDC Emulator for the object is not the password on the local domain controller, yet, due to replication delays. The CMS creation then fails.


When our AD was a lot smaller, with hardly any users, we had moved the PDC emulator to the local site to resolve the issue. This wasn’t an option any more, with upwards of 40,000 user accounts and active migrations taking place.

The solution was quite simple. Essentially, we removed the CMS Resource Group from the Cluster, pre-created a new one, along with the Network Name Resource and the IP Resource, and waited for an AD Replication Cycle.

We then added the /domaincontroller switch to the setup command we were using to create the cms. /newcms /DomainControler localdc.dom.suff /cmsname:ExchangeCMSName /cmsipaddress: /CMSSharedStorage /CMSDataPath:"M:\Storage Groups"

The reason we did this was to ensure we knew what local DC exchange was going to use. It didn’t change the fact that the Cluster Service was attempting to use the computer account on the FSMO holder.

We then kicked off the command, but that’s not it. As soon as we had kicked off the command, we had to monitor the computer account on the DC we specified in the command above and continually refresh its status. At some point in the setup, you would see that computer account getting disabled, sometimes more than once, we needed to enable it as soon as possible. Once we enabled the computer account, only once for us. The command to provision the CMS worked fine and we could watch the other Resources being created in Cluster Manager. All fixed!

I should point out that this problem doesn’t exists in server 2008 as the Cluster Service is a little more intelligent.


Popular posts from this blog

Convert Linked Mailboxes to User Mailboxes in Bulk

My organisation has gone through a massive migration project to unify Active Directories and Exchange organisations. As a result of these migrations a lot of mailbox migrations have resulted in a lot of mailboxes ending up as linked mailboxes even though their not. The official TechNet article on this explains how to disconnect the mailbox and re-attach it to the user account correctly as a user mailbox. Another way to make this appear to be corrected is to manually change the “Recipient Type” AD property on the affected mailboxes. This though, is unsupported. Using the official method from Microsoft results in the loss of any specific mailbox information such as SMTP, x400 & x500 addresses, mailbox sizes and any other individual mailbox settings. Only e-mail addresses and mailbox sizes were important to me (I must admit, I forgot about mailbox sizes at first). I came up with the script below that would properly con

Creating a Windows PE 3 Bootable USB device

I’ve used Windows PE for a long time. And I’ve grown to love it. It’s an extremely useful tool, not just for OS installation, but for diagnostics. Since there’s a version of WinPe for x64 & x86 (& itanium) I like to keep both x64 & x86 on my USB stick. Essentially copying the each version to the root of the USB stick as needed. Meaning at any one time I have three copies of WinPE on my USB stick. Other applications I copy directly to my USB stick, so that I don’t have to remount the image every time i need another application added. Shortly after Windows 7 was released came a new version of WinPE, WinPE 3.0 on the Windows Automated Installation Kit. Preparing the USB stick. You’ll need to prepare the USB stick. To do this open a command prompt using Run As Administrator and use the following commands. diskpart list disk select disk 7 clean create partition primary select partition 1 active format quick fs=fat32 assi

Upgrading Exchange 2007 Clusters to SP2 – Workaround

I posted last month about a problem delegating installs of Exchange 2007 SP2. Delegated Admins will receive an error message stating the following… You must be a member of the 'Exchange Organization Administrators' or 'Enterprise Administrators' group to continue. Have been looking into the issue and have had a case open with Microsoft. Turns out that you only get this issue on a fully patched server. If you try upgrading or installing as a delegated admin on a fresh install of either server 2008 or 2003 you don’t see the problem either with Exchange SP1 or SP2. I haven’t had time to identify exactly what patch causes this yet, if I’ll bother at all. If you have patched your server though, MS came up with this workaround. Disable update checking for the BPA by heading into the registry and HKCU\Software\Microsoft\Exchange\ExBPA and either creating or modifying a DWORD named “VersionCheckAlways” and set it to ‘0’ Copy the installation files to a local drive and replace S