Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

In an Exchange mixed mode environment, the installation of an Exchange 2007 Hub Transport role fails if you select any legacy Exchange cluster server that is running on a Windows 2000 platform as the target bridgehead server


View products that this article applies to.

Introduction

This article describes an issue that occurs when you set up a Microsoft Exchange Server 2007 Hub Transport role in an Exchange mixed environment that also includes Microsoft Windows Server 2000-based clustered computers that are hosting an older version of Exchange virtual server

↑ Back to the top


More information

You cannot use the Mail Flow Settings page in Exchange Server 2007 Setup to select a bridgehead server in the existing cluster that is hosting a legacy Exchange server. When you select the Exchange Server 2007 server as the Exchange source server and select any legacy Exchange cluster servers that are running on a Windows 2000 platform as the target server for the routing group connector

In other words, a routing group connector should be created in Exchange Server 2007 during the Exchange Server 2007 Setup. This requires a computer account to be add to the ExchangeLegacyInterop security group for the connected computer in Active Directory. However, this computer account does not exist because Windows Server 2000 cluster servers do not have a computer account in the Active Directory directory service. Therefore, the computer account cannot be added to the ExchangeLegacyInterop security group.

In this scenario, you receive the following error message:
Cannot find computer object in Active Directory for server 'virtual server name'
If you manually create the Routing Group Connector by using the New-RoutingGroupConnector command, you receive the following error message:
New-RoutingGroupConnector : Active Directory operation failed on <GC Server>.Domain.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03152392, #1:0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 262b30e2 (msExchTargetBridgeheadServersDN) At line:1 char:26 + New-RoutingGroupConnector <<<< -Name "RGC Name" -SourceTransportServers "2007Source.domain.com" -TargetTransportServers "2003Target.domain.com" -Cost 1 -Bidirectional $true -PublicFolderReferralsEnabled $true VERBOSE: New-RoutingGroupConnector : Ending processing.
If you run the New-RoutingGroupConnector command by using the -Debug -Verbose switches, you receive the following error message:
VERBOSE: New-RoutingGroupConnector : The properties changed are: "{ TargetRoutingGroup='CORPHQ', Cost='1', TargetTransportServerVsis={ '1' }, ExchangeLegacyDN='/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Connections/cn=RGC Name', PublicFolderReferralsDisabled=$False, VersionNumber='7638', SourceTransportServerVsis={ '2007Server\1' }, HomeMTA='Microsoft MTA', MinAdminVersion='-2147453113', SystemFlags='Renamable', Id='RGC Name', RawName='RGC Name' }".

VERBOSE: New-RoutingGroupConnector : Saving object "RGC Name" of type "RoutingGroupConnector" and state "New".

VERBOSE: New-RoutingGroupConnector : Previous operation run on domain controller '<GC Name>.domain.com'. Confirm Active Directory operation failed on <GC Name.domain.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03152392, #1:0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 262b30e2 (msExchTargetBridgeheadServersDN)
If you install Microsoft Windows 2000 Server Service Pack 3 (SP3), you can create a computer account in Active Directory for the cluster virtual server. However, this configuration is not supported for Exchange 2000 Server.

Kerberos authentication for the Network Name resource on which Exchange 2000 Server depends is not supported on a server cluster. Exchange 2000 Server was not tested with the expectation that a cluster virtual server would support Kerberos authentication. This configuration may not function correctly.

Future versions of Exchange Server may take advantage of Kerberos authentication for server clusters.

For more information about support for Exchange 2000 Server on a Windows Server 2000 Service Pack 3-based computer, click the following article number to view the article in the Microsoft Knowledge Base:
235529 Kerberos support on Windows 2000-based server clusters
For more information about the Mail Flow Settings page in the Exchange Server 2007 setup process, visit the following Web site:

↑ Back to the top


Keywords: KB934258, kbpolicy, kbinfo, kbexpertiseadvanced, kbexpertiseinter, kbhowto, kbharmony, kbarchive, kbnosurvey

↑ Back to the top

Article Info
Article ID : 934258
Revision : 4
Created on : 1/15/2015
Published on : 1/15/2015
Exists online : False
Views : 371