Problem Description: Installation of Exchange 2010 fails with error below
Error: [ERROR] Active Directory operation failed on <domain controller.> This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152392, #1:
0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 83fbc060 (msExchRMSComputerAccountsLink)
[08/16/2010 15:32:29.0661] [2] [ERROR] A value in the request is invalid.
[08/16/2010 15:32:29.0677] [2] Ending processing.
Description: This error occurrs when the Exchange 2010 installation fails to successfully add the local computer account to the required Universal Security Groups in the Forest Root OU "Microsoft Exchange Security Groups." Specifically, the local computer account must be added to the "Exchange Trusted Subsystem" and "Exchange Servers" Security Groups.
Solution or Workaround: An easy workaround is to manually add the local computer account to these Security Groups prior to install. If you want to dig into Active Driectory for root cause, you should start with examining your Sites and Services configuration along with replication and install account permissions.
Grade: Bummer!
I recall a situation where i ran into this issue in an environment where all DC's were 32bit. The next environment only had 64bit DCs and the problem did not occur. Maybe this has something to do with it. Either way, this is great info.
ReplyDelete