Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Exchange Server 2003 Setup Is Unsuccessful and "Access Denied" Errors Are Logged

Exchange Server 2003 Setup Is Unsuccessful and "Access Denied" Errors Are Logged

View products that this article applies to.

Symptoms

When you try to install Exchange Server 2003, the Setup program starts to install Exchange Server 2003, but Setup is unsuccessful. "Access denied" errors are logged when it tries to create First Administrative Group. This problem occurs after you delegate permissions to install Exchange Server 2003 to a user or to a security group.

When you view the Setup.log file, the following information may be logged:
[11:17:57]  ScCreateOrgLevelAdminGroupObject (f:\df6851\admin\src\udog\exsetdata\components\sharedatoms\a_ag.cxx:542)
           Error code 0X80070005 (5): Access denied.
[11:17:57] Leaving ScCreateOrgLevelAdminGroupObject
[11:17:57]  CAtomAdminGroup::ScAddDSObjects (f:\df6851\admin\src\udog\exsetdata\components\sharedatoms\a_ag.cxx:302)
           Error code 0X80070005 (5): Access denied.
[11:17:57] Leaving CAtomAdminGroup::ScAddDSObjects
[11:17:57] mode = 'Install' (61953) CBaseAtom::ScSetup (f:\df6851\admin\src\udog\setupbase\basecomp\baseatom.cxx:842)
           Error code 0X80070005 (5): Access denied.

↑ Back to the top

Cause

This problem may occur if the permissions that you delegated to the user or to the group have not replicated throughout the domain.

↑ Back to the top

Workaround

To work around this problem, allow sufficient time for the permissions to replicate throughout the whole domain, and then run the Setup program again.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top

More information

When you run Setup, it verifies permissions on the existing administrative groups. Setup expects the permissions to occur in the following ascending order:
  1. Read
  2. Read and Write
  3. Read, Write, and SetPerms
If the security permissions have not replicated throughout the whole domain, the permissions may not be present in the ascending order that Setup expects. For example, if you view the Exchange Server Setup Progress.log file, the following information may be logged: 
[10:50:43] Checking permissions on the admin group: /dc=com/dc=example/cn=Configuration/cn=Services/cn=Microsoft Exchange/cn=OrganizationName/cn=Administrative Groups/cn=Group-1
[10:50:43] We have permission ExchAG_Read
[10:50:43] We have permission ExchAG_Write
[10:50:43] Checking permissions on the admin group: /dc=com/dc=example/cn=Configuration/cn=Services/cn=Microsoft Exchange/cn=OrganizationName/cn=Administrative Groups/cn=Group-2
[10:50:43] We have permission ExchAG_Read
[10:50:43] We have permission ExchAG_Write
[10:50:43] Checking permissions on the admin group: /dc=com/dc=example/cn=Configuration/cn=Services/cn=Microsoft Exchange/cn=OrganizationName/cn=Administrative Groups/cn=Group-3
[10:50:43] We have permission ExchAG_Read
[10:50:43] We have permission ExchAG_SetPerms
[10:50:43] Final set of permissions: 0X40C040E0
In this example, Setup locates three administrative groups and determines that sufficient permissions are present to start the Exchange Server 2003 installation. However, the permissions are not present in the ascending order that Setup expects (the third administrative group has Read and SetPerms permissions, but not Write permission). When Setup examines the list of administrative groups to determine the groups that you can install Exchange Server 2003 in, it determines that none of the groups qualify.

When no group qualifies, Setup tries to create an administrative group named First Administrative Group and tries to install Exchange Server 2003 in it. If you are not logged on as an organization-level administrator, Setup is unsuccessful when it tries to create the administrative group and "Access denied" errors are logged.

↑ Back to the top

Keywords: KB818468, kbprb, kbbug, kbnofix

↑ Back to the top

Article Info
Article ID : 818468
Revision : 5
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 261