Re: Exchange install failed
- From: "Scott Schnoll [MSFT]" <scschnol@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Jun 2008 08:44:30 -0700
There is no requirement to pre-create the account. It is an option, but it is not required. If you don't pre-create the account (we call this "staging" BTW), then Setup will create the account for you. This is why the proper permissions are needed.
The text below refers to both. You need the proper permissions for both platforms. What we're saying here is that each OS uses a different security context for the CSA, so keep that in mind when assigning permissions.
By default, each domain account (including computer accounts) has the ability to create 10 accounts in the domain. It is only after these 10 have been used that you would need to actually modify permissions.
Hope this helps.
--
Regards,
Scott Schnoll
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
"Kurt" <Kurt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:580E23F6-A046-4B31-BE62-38BD167DF928@xxxxxxxxxxxxxxxx
Hi Scott,
Exchange setup will not let me proceed if the account is pre-created in the
domain anyway... So this is like a catch 22 - The install will not create
the CMS in the domain, and it won't let me pre-crete it either. W
What you posted below seems to pertain mostly to 2003, except the last
sentence at the bottom. Do the things in the 2003 paragraph also pertain to
2008 clusters? In 2008, the cluster service account is the local system
account, and not a domain account. So do I have to make the local system
account account an admin on both nodes? Is that even possible? Or do I need
to make the cluster machine account (the cluster name, which is represented
as a computer account in AD) an admin on both cluster nodes? And how do I
give either of these accounts the ability to create machine accounts in the
domain - you can't give that to computer objects or local system accounts
from the nodes in group policy. I could add the cluster name computer
account direct to the computers container and give it the rights to create
objects. Is that the way to go?
Thank you,
Kurt
"Scott Schnoll [MSFT]" wrote:
Hi Kurt,
Unless you are performing a delegated setup, you don't need to pre-create a computer account. In other cases, we state the permissions that are needed at http://technet.microsoft.com/en-us/library/bb125149(EXCHG.80).aspx:
"If you are installing SCC on Windows Server 2003, you must use a domain account for the Cluster service account. All nodes in the cluster must be members of the same domain, and all nodes in the cluster must use the same Cluster service account. The Cluster service account must also be a member of the local administrators group on each node that is capable of hosting a clustered mailbox server.
The Cluster service account is responsible for creating and maintaining the computer account identified by and associated with the failover cluster's Network Name resource when that resource is brought online. To ensure that the Cluster service account has the appropriate permissions, see Knowledge Base article 307532, How to troubleshoot the Cluster service account when it modifies computer objects. Additional information can be found in Knowledge Base article 251335, Domain Users Cannot Join Workstation or Server to a Domain.
If you are installing SCC on Windows Server 2008, the Cluster service will run under the LocalSystem (SYSTEM) account."
Hope this helps.
--
Regards,
Scott Schnoll
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
"Kurt" <Kurt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4E6685B9-7CB3-4D3E-B03E-F9BC6E5B832C@xxxxxxxxxxxxxxxx
> Thanks Scott,
>
>
> Due to other errors I encountered trying an uninstall this morning > before I
> got your message I am just going to rebuild, as I am not sure what else > is
> wrong beind the scenes and want to make sure all is ok.
>
> I would recommend that MS put into the cluster docs that one needs to > create
> the CMS computer account in AD with the right permissions on it for the
> cluster service computer account in 2008. This would stop people from
> getting the PDC emulator problem in another site, and problems like > mine. It
> may not be necessary in all cases, but if people just create it before > hand
> it will stop these problems and people won't have to go looking for
> technotes, etc.
>
> Thanks,
>
>
> Kurt
.
- Follow-Ups:
- Re: Exchange install failed
- From: Kurt
- Re: Exchange install failed
- References:
- Re: Exchange install failed
- From: Scott Schnoll [MSFT]
- Re: Exchange install failed
- From: Kurt
- Re: Exchange install failed
- From: Scott Schnoll [MSFT]
- Re: Exchange install failed
- From: Kurt
- Re: Exchange install failed
- From: Scott Schnoll [MSFT]
- Re: Exchange install failed
- From: Kurt
- Re: Exchange install failed
- From: Scott Schnoll [MSFT]
- Re: Exchange install failed
- From: Kurt
- Re: Exchange install failed
- Prev by Date: Re: SMTP Gateway Hardware
- Next by Date: Re: SMTP Gateway Hardware
- Previous by thread: Re: Exchange install failed
- Next by thread: Re: Exchange install failed
- Index(es):
Relevant Pages
|
