During Exchange Server 2007 schema extension you may encounter a security descriptor error which will cause setup to fail.  The error may occur specifically during the “setup /PrepareAD” stage.

>setup /preparead

Welcome to Microsoft Exchange Server 2007 Unattended Setup

Preparing Exchange Setup

No server roles will be installed

Performing Microsoft Exchange Server Prerequisite Check

    Organization Checks              ......................... COMPLETED

Configuring Microsoft Exchange Server

    Organization Preparation         ......................... FAILED
     You do not have permissions to read the security descriptor on CN=Deleted O
bjects,CN=Configuration,DC=domain,DC=com,DC=au.

The Exchange Server Setup operation did not complete. For more information,visit
http://support.microsoft.com and enter the Error ID.

Exchange Server setup encountered an error.

To resolve this issue use the following steps:

1. Download and install the ADAM tools from Microsoft.
2. Go to Start -> Programs -> ADAM and launch ADAM Tools Command Prompt.
3. In the command prompt, run the following command (substitute your domain name where appropriate):

   C:\WINDOWS\ADAM>dsacls "CN=Deleted Objects,DC=domain,DC=com,dc=au" /takeownership
   Owner: DOMAIN\Domain Admins
   Group: NT AUTHORITY\SYSTEM
   
   Access list:
   {This object is protected from inheriting permissions from the parent}
   Allow BUILTIN\Administrators  SPECIAL ACCESS
                                 LIST CONTENTS
                                 READ PROPERTY
   Allow NT AUTHORITY\SYSTEM     SPECIAL ACCESS
                                 DELETE
                                 READ PERMISSONS
                                 WRITE PERMISSIONS
                                 CHANGE OWNERSHIP
                                 CREATE CHILD
                                 DELETE CHILD
                                 LIST CONTENTS
                                 WRITE SELF
                                 WRITE PROPERTY
                                 READ PROPERTY
   
   The command completed successfully

4. Re-run Exchange setup.  It should now successfully extend the schema.

Link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;892806

 

You have to ask: is there malware on my system? You can be 100 per cent certain there is no malware that you can detect, but less than 100 per cent certain that there is no malware at all. Now, ladies and gentlemen, isn’t this true of every computer we already have? There is no difference just because it’s virtualisation.

Read the entire article at ZDNet.

Not sure what they’re advertising…

Here is a tip for Microsoft, if you’re going to pop up and remind me to activate my Windows Server 2008 installation, give me the option right here to enter my product key so that when I hit “Activate Windows online now” it doesn’t fail.

We’ve been virtualising Exchange Server 2007 since it was first released but this week Microsoft has announced their official support policies for virtualised Exchange environments.  It is a bit heavy on the Hyper-V but also references the list of support partners for non-Microsoft hardware virtualisation.  When I checked this earlier in the week VMWare was a notable absence but today Dugie confirmed for me that they’ve been added to the list, which now stands as follows:

• Cisco Systems, Inc.
• Citrix Systems, Inc.
• Novell, Inc.
• Sun Microsystems
• Unisys Corp.
• Virtual Iron Software
• VMware, Inc.

If you’re planning an Exchange Server 2007 deployment using a virtualisation platform be sure to read Microsoft’s recommendations for sizing virtual machines.