Applies to: Exchange Server 2007 SP1
Topic Last Modified: 2008-12-11
This topic provides information about how to troubleshoot an issue in which Exchange Server 2007 Service Pack 1 (SP1) Clustered Mailbox Server (CMS) cannot be installed in Windows Server 2008.
When you run the Setup.com /mode: install /role: Mailbox /NewCms /CmsName: <CmsName> /CmsIPAddress: <IP address> command, the command may not run as expected. Additionally, the following event is logged in the System log:
Source: Microsoft-Windows-FailoverClustering |
Date: n\a |
Event ID: 1194 |
Task Category: Network Name Resource |
Level: Error |
Keywords: |
User: SYSTEM |
Computer: Computer_Name |
Description: |
Cluster network name resource 'Network Name (com1)' failed to create its associated computer object in domain '<Domain_Name>' for the following reason: Unable to create computer account. The text for the associated error code is: Access is denied. Please work with your domain administrator to ensure that: - The cluster identity 'com1-C$' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed. - The quota for computer objects has not been reached. - If there is an existing computer object, verify the Cluster Identity 'com1-C$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool. |
This issue occurs if the Cluster Name Object (CNO) cannot add a new computer account in the Active Directory directory service. The Cluster Name Object cannot add new computer accounts in Active Directory if the Authenticated Users group has been removed from the Add workstation to the domain security policy setting. The Cluster Name Object belongs to the Authenticated Users group and inherits the permissions that are applied to this group.
To resolve this issue, use one of the following procedures:
- Add the Cluster Name Object to the Add workstation to the
domain security policy setting, and then run Setup again.
- Use the Exchange Delegation Wizard in the domain controller
organizational unit (OU) to grant the Cluster Name
Object the right to join a computer to the domain.
- Pre-stage the computer account in Active Directory, and
then add Cluster Name Object to the The following
user or group can join this computer to a domain option.
Procedures
-
Click Start, point to Administrative Tools, and then click Group Policy Management.
-
Right-click Default Domain Controllers Policy, and then click Edit.
-
Expand Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies, and then click User Rights Assignment.
-
In the Policy list, right-click Add workstation to domain, and then click Properties.
-
On the Security Policy Setting tab, click Add User or Group.
-
In the User and group names box, type Cluster Name Object, and then click OK.
-
Click OK, close Group Policy Management Editor, and then close Group Policy Management.
-
Run the following command:
Copy Code Setup.com /mode: install /role: Mailbox /NewCms /CmsName: <CmsName> /CmsIPAddress: <IP address>
-
Start Active Directory Users and Computers.
-
Right-click the domain name, and then click Delegate Control.
-
On the Welcome to the Delegation of Control Wizard page, click Next.
-
On the Users or Groups page, click Add.
-
On the Select Users, Computer, or Groups page, click Object Types.
-
In the Object Types dialog box, click to select the Built-in security principals check box, and then click to select the Computers check box.
-
Click to clear the Groups check box, click to clear the Users check box, and then click OK.
-
In the Enter the object names to select box, type the Cluster_Name_Object_Name, click Check Names, and then click OK.
-
On the Users or Groups page, click Next.
-
On the Tasks to Delegate page, click to select the Join a computer to the domain check box, and then click Next.
-
Click Finish, and then close Active Directory Users and Computers.
-
Start Active Directory Users and Computers.
-
Right-click the domain name, point to New, and then click Group.
-
In the Group name box, type a name for the cluster group, and then click OK.
-
In the right pane, right-click the group that you created, and then click Properties.
-
On the Members tab, click Add.
-
Click Object Types, click to select the Computers check box, and then click OK.
-
In the Enter the object names to select box, type the Cluster_Name_Object_Name, click Check Names, and then click OK.
-
Expand the domain name, right-click Computers, point to New, and then click Computer.
-
In the Computer name box, type the name of the Cluster server.
-
Under the The following user or group can join this computer to a domain option, click Change.
-
In the Enter the object name to select box, type the cluster group name that you created in step 3, and then click OK.
-
Click OK, and then close Active Directory Users and Computers.