Updated 4/9/2014 with additional information to hopefully help you
Now Microsoft has made the Exchange 2013 setup is pretty easy, but what happens when you run into problems? There are a myriad of different ways an install can go upside down, and I’m going to try to touch on as many as I’ve seen here. I guarantee it won’t cover them all but I’m more than willing to jump in and take a look with you – just leave me a blog post to take it from there.
Contents
Installation Media issues
I’m going to start here and reiterate that the consistency of your installation media is PARAMOUNT. I’m not sure why I’ve seen so many install issues with Exchange 2013 because of a bad ISO or install EXE. I can’t say if it’s due to issues during the download, from the Microsoft end, or at the client end – take your pick, I’ve seen them all. I’ve even tried to copy the SP1 EXE package from a network share to my Exchange server and end up with the File is Corrupt message.
You could get as far as one of the 15 steps for install and then magically have Exchange install bomb. The bad thing about this is if it happens during a step, and you try to rerun setup using this same media, it could make things worse to where you would need to perform something like the Uninstall & Cleanup process.
My recommendation would be 2 fold:
- For an ISO, copy the files off the disk to a local folder on the Exchange server itself. If you seen Incorrect Function using the GUI, or like in the case below using ROBOCOPY, cut your losses and download a new copy. Don’t keep retrying the install
- For the self-extracting package, download right from the Microsoft site (or use a USB drive if you’re not virtual, but who isn’t these days) on the Exchange server itself, then expand to a folder on the same machine. Don’t try to expand to a network path!!!!
Rerunning Installation
If you rerun setup from media, its smart enough to detect know and try a repair
In this scenario, using Programs and Feature to try and perform a change to fix what is broken.
Bare Metal Recovery
Because my domain controller in the lab rebooted during the Mailbox role install, even when attempting the /RecoverServer switch, it would not work.
I ended up nuking the server, rebuild it in AD with the same name, and then reran setup using the /m:recoverserver switch.
This is OK in a test environment, but when I tried to reinstall it looked to verify the mailbox databases were in their original path, it failed. I did not have these backed up, but of course in a REAL environment we would have backups of our email databases.
In order to work around reinstalling Exchange 2013, I had to remove the database in AD using ADSIEDIT.msc
This is under [Configuration | Services | Microsoft Exchange | <Your Organization> | Administrative Group | Exchange Administrative Group | Databases]
No Exchange Server installed / Forest Already Exists
Another interesting scenario I’ve seen is where the installation has performed the AD organization prep but for some reason Exchange Server never installed. When you try and run the /m:recoverserver install, it will give you the message “Can’t specify installation mode because no Exchange Server is installed on this machine”
When you open ADSIEDIT.MSC
Configuration | Services | Microsoft Exchange | <Your Organization> | Administrative Group | Exchange Administrative Group | Servers]
You will find the actual server name is not listed at all.
When you look at the ExchangeSetupLog, you will find a message that “An Exchange organization with the name <organization> exists” or “Exchange organization cannot be specified” when you perform with the install.
In this case, it was to be the only exchange server in the organization, and in the AD forest. The only thing you can really do is perform a cleanup of AD and the Exchange server (see Uninstall & Cleanup)
Uninstall & RSAT
If you have to perform an uninstall of Exchange and see this a message about Uninstall-ExsetDataAtom:
It usually means you did not install the Remote Server Administration Tools, so it can’t talk to Active Directory . You need to run the following Powershell commands:
Install-WindowsFeature RSAT-ADDS, RSAT-ADDS-Tools
Reinstall & AdminTools
During reinstall after a failed installation you may see this message:
Check the registry and remove the AdminTools key
Does not possess the SeSecurityPriviledge priviledge
This one actually has some good information online already to help in resolving the issue.
You see the error in setup or in the ExchangeSetupLogs file that says “The process does not possess the ‘SeSecurityPriviledge’ priviledge which is required for this operation”
In short, this has to do because the Manage auditing and security log user right assignment has been set somewhere in GPO – whether it be in a specific GPO or in the Default Domain Policy (which is where I saw it).
You not only want to clear out any users or groups, but you also need to uncheck Define these policy settings. That way it comes back as Not Defined,
Once you’ve made this GPO change effecting the Exchange Server, a GPUPDATE /FORCE will not cut it, because this is a computer policy that only gets applied at startup. Reboot the server and restart setup again.
IIS & Default Web Site
This was another fun one that was encountered as part of a cleanup attempt that went wrong. Instead of cleaning up the Default Web Site of virtual directories, etc, the Default Web Site itself was deleted.
This would product the errors such as the obvious one below, stating that “The web site ‘Default Web Site’ on server ‘<servername>’ doesn’t exist. Web site names are case sensitive” when executing the new-PowerShellVirtualDirectory command
Thankfully I was able to recreate the site and it automatically assigned it as site #1. In cases where you’re not so lucky, you “may” need to use one of the IIS AdminScripts to change the site ID.
As note, in IIS7+ this is a feature you need to install from:
IIS > Web Management Tools > IIS 6 Management Capability > IIS 6 Scripting Tools
There’s an article that goes into more detail on how the process works, using cscript adsutil.vbs. Thankfully on me reference Windows 2012 R2/IIS8 machine it automatically reassigned it.
As a fallout when you recreate the Default Web Site, you are also missing your site binding, You’ll fix the Default Web Site, and then come across an error like that says “The HTTPS protocol binding does not exist in default web site in ‘C:\Windows\system32\inetsrv\config\ApplicationHost.config’.”
Here is a full list of bindings you’ll need:
Also with your SSL sites, be sure to select the Microsoft Exchange certificate!!!!
Error 1605 Installing product exchangeserver.msi failed
This was a particularly nasty one that would reoccur because some old remnant of an install failed and normal methods in detecting/cleaning just didn’t work.
You would see the message “Installing product exchangeserver.msi failed. This action is only valid for productions that are currently installed. Error code is 1605.”
This would come up using both the GUI and the command line, with some slightly different wording.
Looking at the ExchangeSetupLogs, it would come back with the actual Installer GUID, {4934D1EA-BE46-48B1-8847-F1AF20E892C1}
And when I searched the registry for this GUID, sure enough I found a left over registry key. Once I delete it and restarted setup, it continued with no problem.
Uninstall & Cleanup
In the course of managing Exchange, the situation may arise where you need to uninstall the Exchange organization from your environment.
Should you ever need to reinstall Exchange, performing a uninstall via Programs and Features is THE best way to gracefully remove yours Exchange installation. However, in the course of being an admin things occur where even a graceful removal can leave remnants behind. There are some places that setup looks for information, and removing these manually can help in the reinstall process:
The Exchange folders in AD via ADSIEDIT, in the Default naming context
The Exchange folders in AD via ADSIEDIT, in the Configuration node
The Exchange installation folder on the hard disk
The front end and the back end websites in IIS
EDIT – Don’t delete the Default Web Site!!!!
Just remove all of the virtual directories EXCEPT aspnet_client
You’re fine to remove the Exchange Back End site
Under the Users container in AD, with the resource accounts Exchange creates
In the Registry
You might also need to do a search of the registry for keys and values that contain the name MSExchange, Microsoft.Exchange, and Exchange, in the event of getting stuck in a loop reinstalling where it still sees previous components of a failed install.
For instance, the Programs & Features entry may still exist in the Uninstall hive
As well as the Installer hive
So when I try to uninstall exchange and it indicates there is still a datasbase. I can just remove that entry from ADSIedit for the database and i’ll be able to uninstall it?
Ideally, if you can remove Exchange successfully the proper way is to remove user mailboxes, arbitration mailboxes, and then delete the database via EAC. But if all those fail, you CAN use ADSIedit to remove the database to continue the uninstall. You will need to clean up the rest of AD to remove attributes and user accounts, as mentioned above.
Thanks for sharing your knowledge and experience. This helped me with a bad install.
[…] OK, it seems that the above clean-up wasn’t sufficient and I was forced to start from scratch. It appears that someone has already blogged about it and I came to notice that this is not a supported method for Exchange clean-up: Exchange Clean-up […]
If that email address works when I get done with all this you know you worked some magic! I have been struggling with Exchange for two days and multiple wipe/re-installs. Thank you so much for posting this. I have handed it off to my other techs as well in case it is ever needed again. Thanks so much for taking the time to post it! There is not a lot of info on Exchange 2013 out there yet so this was very helpful.
I got hung up on step 1 of 4: Client access role: front end transport service. I am installing 2013CU1 into a mixed environment with Exchange 2007. On installation, I get this error:
The following error was generated when “$error.Clear(); set-ExchangeServerRole -Identity $RoleFqndOrName -IsFrontendTransportServer:$true -DomainController $RoleDomainController” was run: “the operation couldn’t be performed because object ‘Server fQDN’ couldn’t be found on ‘dc fqdn’
(obviously, I left out the actual server names)
The install dies right here. Since the install never finished, I can’t remove this via control panel. I’m ready to use the instructions above to remove all this from AD, but I’m worried about the existing Exchange 2007 server that I was going to migrate from. Will removing the items via ADSIEdit as described in this post hurt the current install, or only the exchange 2013 install?
Thanks for the help in advance!
Mark, I dropped you an email but wanted to see if Exchange 2007 SP3 CU10 was installed OK for the coexistance for 2013 in an existing 2007 forest. Also, from a topology standpoint deleting the right Exchange 2013 objects would be crucial as to not harm the Exchange organization.
I too have a concurrent 2007 with a 2013 that I am trying to remove. I am also concerned with breaking an exchange environment that is working to get 2013 removed. Can you provide the instructions so I do not remove what exchange 2007 needs to operate correctly?
Brian – If we were talking Exchange 2003 to 2013 then you would need to do a “swing migration” to either Exchange 2007 or 2010 to get it into 2013. But at the heart of Exchange is Active Directory, and as long as your existing installation is sound, your Exchange 2013 installation will simply join the existing Exchange organization. You’ll need to do the necessary staging and configuration to get 2013 working properly, but once it’s online you should have no problem moving mailboxes, etc.
[…] install will result in a failed/incomplete installation which will result in having to perform a messy cleanup operation before you can […]
Sir, you are a legend! Thanks 🙂
Lors de l’installation d’exchange server 2013 j’ai obtenu cette erreur Erreur :
L’erreur suivante intérêt survenue seillers de l’exécution de “$ error.Clear ();
$ InternalOwaUrl = “https://” + $ RoleFqdnOrName + “/ owa»;
nouveau-OwaVirtualDirectory Rôle ClientAccess-DomainController $ RoleDomainController-InternalUrl $ InternalOwaUrl;
“:”. Une Erreur Est survenue seillers de la création du Répertoire virtuel IIS «IIS :/ / Sifast.server.local/W3SVC/1/ROOT/owa» sur «SIFAST» “
Hi Ines, I wish I could better translate this French but based on what Google Translate was able to help in converting it looks like during the install its having a problem creating the OWA virtual directory on the Default Web Site. I’d need to see the ExchangeServerLogs (which also are probably in French) to determine what specifically it could not do. I’d try there first and also make sure that IIS is healthy – and the Default Web Site exists).
Hello Chris,
I ran into your Website from a google search of desperation.
I created a test domain and exchange 2013 on some High end Desktop machines and it worked flawlessly. I got mail flowing thru company firewalls, etc.
IT Director loved it,So I bought 4 servers and set out to replicate it on its own production domain.
Exchange bombed miserably and now I think I am having issues with AD?
This is a brand new domain, and I could start over from Scratch (eek), but, I am desperately looking for the best course of action to get Exchange 2013 loaded.
thanks
Hi Chip, I dropped you an email to get some more detail on what you’re running in to, would love to help!
Exchange 2013 is bad my server a new 2013 with ad and dns and everything else on it 100% passed Exchange 2013 Prerequisites then fails during set up removed exchange with adsi ran re install fails again and again
I had the chance to work with Alfonso and will be posting an update to this blog on some additional things to look at in the troubleshooting arena very soon!
SUPER useful article. Thank you so much.
Hi,
I could really do with some advice before I head off to log with Microsoft.
I am working at a clients site on an Exchange 2007 to 2013 migration, I believe this is the third migration in a row starting from Exchange 5.
Everything looked to be installed properly until I went into EAC and clicked on one of the current Exchange 2007 mailbox servers and got the following error message.
‘The operation couldn’t be performed because object ‘Exchange Server’ couldn’t be found on ‘Domain Controller’
I have trawled the internet, checked obvious things like replication and even the object in AD on that domain controller.
Aby ideas?
I think you’re seeing more of an AD-related issue than you are necessarily Exchange itself. Without scouring event logs in both of these places it would be hard to say exactly what the root cause is, but I would most definitely start there.
I am migrating SBS2003 to excahnge 2013. But now exchange 2013 installation run into problem because Excahnge 2003 did not uninstalled cleanly.
Do you know any good guide how to remove 2003 remains from AD?
Exchange 2013 cannot exist in the same forest as Exchange 2003, which is what you are running into here.
Here’s a good article with some pointers around cleanup of Exchange 2003:
http://www.msexchange.org/articles-tutorials/exchange-server-2003/migration-deployment/Remove-Exchange-server-entire-Exchange-organization.html
URGENT !!! Please Help me !!!!
I have an Windows Server 2012 R2 Std ran as an AD and DC.
When installing Exchange 2013, i ran into an issue and the server failed installing the Client Access Role
error:
The following error occurred while executing “$ Error.Clear ();
Install-ExchangeCertificate -WebSiteName “Exchange Back End” -services “IIS, POP, IMAP” -DomainController $ RoleDomainController -InstallInTrustedRootCAIfSelfSigned $ true
if ($ RoleIsDatacenter -ne $ true -and RoleIsPartnerHosted $ true $ -ne)
{
Install-AuthCertificate -DomainController $ RoleDomainController
}
“” Unable to grant network access service to the certificate with 581D4C619D6F558D1017286C8B606BA41C93ED67 footprint as a cryptographic exception was thrown. “.
Thank you advance,
Best Regard.
My best guess has to do with the actual certificate you’re using with the 581D4C619D6F558D1017286C8B606BA41C93ED67 thumbprint. Sometimes it can be permissions, sometimes it can be the request, and others it can just be that it wasn’t requested or exported to allow the private key use. I’d suggest starting there first.
Helpful post there Chris…you jus saved my day. Almost reinstalled my DC.
We run into a situation with a 2013 server installed with a 2007 server, (no mboxes on 2013, or mailflow changes),and the 2013 server is starting to throw exceptions (cannot connect to local exchange server etc). Uninstall does not work (mailbox db exists etc), and we do not have a UI to install from cannot connect to the server.
My thoughts are 1) uninstall the 2013 (but need to do this manually), then 2) re install the 2013 server
If we follow your instructions to forcefully remove the 2013 server, what happens to the existing exchange 2007? So far all we have done is generate a certificate request (will need to redo that)
Any thoughts?
At the time installation. I got below error. Kindly help on below error
Microsoft Exchange Server 2013 sp1 setup
Error:
The following error was generated when “$error.Clear();
set-InstallPathInAppConfig -ConfigFileRelativePath “FrontEnd\HttpProxy\sync” -ConfigFileName web.config
” was run: “Access to the path ‘C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\sync\web.config’ is denied.”.
Hey Waleed – it’s a rare case but I’ve seen some pretty nasty AD environments (mostly lab have you) that have caused failed Exchange 2013 installs. I’ve spent days upon days in hopes that I can work around it, only to end up blowing away the entire forest. Hopefully you don’t have a production environment in place, as I know that would make it more difficult to achieve.