Exchange 2007 SP1 Clustered Mailbox Server Cannot Be Installed in Windows Server 2008

  • Article

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007 SP1

This topic provides information about how to troubleshoot an issue in which Exchange Server 2007 Service Pack 1 (SP1) Clustered Mailbox Server (CMS) cannot be installed in Windows Server 2008.

When you run the Setup.com /mode: install /role: Mailbox /NewCms /CmsName: <CmsName> /CmsIPAddress: <IP address> command, the command may not run as expected. Additionally, the following event is logged in the System log:

Source: Microsoft-Windows-FailoverClustering

Date: n\a

Event ID: 1194

Task Category: Network Name Resource

Level: Error

Keywords:

User: SYSTEM

Computer: Computer_Name

Description:

Cluster network name resource 'Network Name (com1)' failed to create its associated computer object in domain '<Domain_Name>' for the following reason: Unable to create computer account.

The text for the associated error code is: Access is denied.

Please work with your domain administrator to ensure that:

- The cluster identity 'com1-C$' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed.

- The quota for computer objects has not been reached.

- If there is an existing computer object, verify the Cluster Identity 'com1-C$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.

This issue occurs if the Cluster Name Object (CNO) cannot add a new computer account in the Active Directory directory service. The Cluster Name Object cannot add new computer accounts in Active Directory if the Authenticated Users group has been removed from the Add workstation to the domain security policy setting. The Cluster Name Object belongs to the Authenticated Users group and inherits the permissions that are applied to this group.

To resolve this issue, use one of the following procedures:

  • Add the Cluster Name Object to the Add workstation to the domain security policy setting, and then run Setup again.

  • Use the Exchange Delegation Wizard in the domain controller organizational unit (OU) to grant the Cluster Name Object the right to join a computer to the domain.

  • Pre-stage the computer account in Active Directory, and then add Cluster Name Object to the The following user or group can join this computer to a domain option.

Procedures

To add the Cluster Name Object to the Add workstation to the domain security policy setting

  1. Click Start, point to Administrative Tools, and then click Group Policy Management.

  2. Right-click Default Domain Controllers Policy, and then click Edit.

  3. Expand Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies, and then click User Rights Assignment.

  4. In the Policy list, right-click Add workstation to domain, and then click Properties.

  5. On the Security Policy Setting tab, click Add User or Group.

  6. In the User and group names box, type Cluster Name Object, and then click OK.

  7. Click OK, close Group Policy Management Editor, and then close Group Policy Management.

  8. Run the following command:

    Setup.com /mode: install /role: Mailbox /NewCms /CmsName: <CmsName> /CmsIPAddress: <IP address>

To use the Delegation Wizard in the domain controller OU to grant the Cluster Name Object the right to join a computer to the domain

  1. Start Active Directory Users and Computers.

  2. Right-click the domain name, and then click Delegate Control.

  3. On the Welcome to the Delegation of Control Wizard page, click Next.

  4. On the Users or Groups page, click Add.

  5. On the Select Users, Computer, or Groups page, click Object Types.

  6. In the Object Types dialog box, click to select the Built-in security principals check box, and then click to select the Computers check box.

  7. Click to clear the Groups check box, click to clear the Users check box, and then click OK.

  8. In the Enter the object names to select box, type the Cluster_Name_Object_Name, click Check Names, and then click OK.

  9. On the Users or Groups page, click Next.

  10. On the Tasks to Delegate page, click to select the Join a computer to the domain check box, and then click Next.

  11. Click Finish, and then close Active Directory Users and Computers.

To pre-stage the computer account in Active Directory and to add the Cluster Name Object to the The following user or group can join this computer to a domain option

  1. Start Active Directory Users and Computers.

  2. Right-click the domain name, point to New, and then click Group.

  3. In the Group name box, type a name for the cluster group, and then click OK.

  4. In the right pane, right-click the group that you created, and then click Properties.

  5. On the Members tab, click Add.

  6. Click Object Types, click to select the Computers check box, and then click OK.

  7. In the Enter the object names to select box, type the Cluster_Name_Object_Name, click Check Names, and then click OK.

  8. Expand the domain name, right-click Computers, point to New, and then click Computer.

  9. In the Computer name box, type the name of the Cluster server*.*

  10. Under the The following user or group can join this computer to a domain option, click Change.

  11. In the Enter the object name to select box, type the cluster group name that you created in step 3, and then click OK.

  12. Click OK, and then close Active Directory Users and Computers.