最近遇到的Exchange安装问题分享给大家,以便大家遇到类似问题时,不要再去花费时间寻找解决方法。
一、问题现象
在安装Exchange的时候遇到一个问题(由于我所安装的环境中是一个较大的AD林域架构,出现问题的是一个子域),通过Exchange安装日志查看报错信息如下:
[08/17/2016 02:30:55.0619] [2] Active Directory session settings for ‘Update-LegacyGwart‘ are: View Entire Forest: ‘True‘, Configuration Domain Controller: ‘ad01.contoso.com‘, Preferred Global Catalog: ‘ad01.contoso.com‘, Preferred Domain Controllers: ‘{ ad01.contoso.com‘}‘
[08/17/2016 02:30:55.0619] [2] Beginning processing Update-LegacyGwart
[08/17/2016 02:30:55.0868] [2] Used domain controller contoso.com to read object DC=contoso.
[08/17/2016 02:30:55.0977] [2] [ERROR] Active Directory operation failed on contoso.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
[08/17/2016 02:30:55.0977] [2] [ERROR] The user has insufficient access rights.
[08/17/2016 02:30:55.0993] [2] Ending processing Update-LegacyGwart
在系统的应用日志中,有MSExchangeSetup Event ID 1002报错信息
二、拍错过程
1、安装日志中提示的是he user has insufficient access rights用户权限问题,那么我首先需要再次确认一下此安装账户的权限是否都具备,经检测安装账户具备应有的权限。(已经加入到Exchange组织管理员中)
2、通过查找相关KB,其中有人遇到类似是问题,解决方法是当前安装账户为继续权限。经过我的检查,我遇到问题时,安装账户已经继承了权限。(此方法可以作为一种解决此类问题的一个方法。),具体可以参考:http://www.petenetlive.com/KB/Article/0000719
3、在微软的KB中检索到此类问题还要另外一种解决方法,就是Setup.com /preparedomain:consoto.com 使用Exchange安装程序重新准备一下当前AD。进行此项操作的账户必须具有Domain Admins的权限。通过执行该命令后问题顺利解决。微软给出的解释是子域域控丢失了SACL权限。关于微软的KB可以参考:http://social.technet.microsoft.com/wiki/contents/articles/12703.troubleshooting-fimgalsync-active-directory-response-00002098-secerr-dsid-03150bb9-problem-4003-insuff-access-rights-data-0.aspx