The Ultimate Guide to SBS 2008 Setup Failures
[Today's post comes to us courtesy of Damian Leibaschoff from Commercial Technical Support]
Since the early beta versions of SBS 2008, we have accumulated almost 3+ years of experience supporting the product. By now, we have a number of setup issues that we consider "common", this post will try to document these issues, the common triggers and the recovery steps if you have encountered them.
Let me start by saying that most of these issues can be prevented by just following the existing guidelines and documentation, the following post is a one stop checklist for your source server (SBS 2008 Migrations from SBS 2003 - Keys to Success).
Unfortunately, most of the failures are catastrophic. These failures leave the server in an unsupported state, half configured, with missing features and incorrect/unexpected settings. They require the source server to be restored from backup and the process to be started over, that is why, again, we stress the importance of the preparation work, testing and proven backup systems.
Most failure reasons can be isolated by looking at one of these files:
- C:Program FilesWindows Small Business ServerLogs SBSSETUP.LOG
- The main log, all failed tasks will be logged here.
- DcPromo logs
- C:Program FilesWindows Small Business ServerLogs DcPromo_Date.Time.LOG
- C:windowsdebugDcPromoUI.LOG
- C:windowsdebugDcPromo.LOG
- Will be needed to understand failures during the tasks that are used to promote the server to a domain controller.
- Exchange SetupLogs
- C:Program FilesWindows Small Business ServerLogs ExchangeSetup.LOG
- C:ExchangeSetupLogsExchangeSetup.LOG
- Will be needed to understand failure during the installation of Exchange. This file will not be present if Exchange installed with no errors, if that is the case, the log will be in its default location under c:ExchangeSetupLogs .
How to Use This Document
The remainder of this document is divided into three sections, SBSSETUP.LOG, ExchangeSetupLog and DcPromo Logs.
- If you have experienced a failure, open the C:Program FilesWindows Small Business ServerLogs SBSSETUP.LOG and jump to the end. Look for the following:
Setup: Here is the list of errors we encountered during setup:
(If you don't have this entry, we will discuss what could have gone wrong during this document) - In here, a list of the tasks that failed will be displayed, for example:
ConfigureExchangeEAPListTask: The Exchange E-mail address policy cannot be configured.
ConfigureWSSOutgoingEmailTask: Incoming and outgoing e-mail for Windows SharePoint
Services are not configured. ConfigureWSSIncomingEmailTask: Incoming and outgoing e-mail for Windows SharePoint Services are not configured. - This document will be organized by task names. In the example above, the task names are ConfigureExchangeEAPListTask, ConfigureWSSOutgoingEmailTask and ConfigureWSSIncomingEmailTask.
- It is important to note that this list does not include tasks that were skipped due to the failures. Furthermore, we can safely assume that the failures are cascading. In other words, the first task that failed most likely caused the other tasks to fail (a missing dependency) or that the same root cause is affecting all of those tasks.
- In the example above, the first or primary failing task is ConfigureExchangeEAPListTask.
Search the SBSSETUP.LOG section below for the primary failing task. In this example, that would be ConfigureExchangeEAPListTask. - You may find more than one section devoted to this task. Refer back to the sbssetup.log, exchange setup logs or dcpromo logs for a key error or exception to compare in order determine what the most common cause and resolution summary is. Please note that the resolution summary will provide guidance onto what the root issue might be and how to proceed but might not provide detailed troubleshooting information as that is not the intent of this post.
Do keep in mind that almost all of these issues were preventable, and the steps to detect them and take corrective action are documented so, in all cases where the setup has to be redone, follow SBS 2008 Migrations from SBS 2003 - Keys to Success after restoring the source server from a backup.
SBSSETUP.LOG
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
Exchange Server setup encountered an error.
Most Common Cause:
See ExchangeSetup log section below.
Resolution Summary:
See ExchangeSetup log entries below.
Primary Failing Task: DcPromo_JoinDomain
Key Error or Exception from the Log:
Task: In Task DcPromo_JoinDomain: The server was not promoted to a domain controller.
Most Common Cause:
See Dcpromo logs section below.
Resolution Summary:
See Dcpromo logs section below.
Primary Failing Task: CreateInternalCert
Key Error or Exception from the Log:
TaskManagement: In TaskScheduler.RunTasks(): The "SaveSBSCertificateToFile" Task or the "NET" TaskProcessor threw an Exception during the ITaskProcessor.Run() call:System.ArgumentException: CCertAdmin::GetCAProperty: The parameter is incorrect. 0x80070057 (WIN32: 87)
Most Common Cause:
Existing orphaned CA in AD. there was a server with a Certification Authority installed that is now offline.
Resolution Summary:
Fatal setup crash due to the number of missing dependencies and task failures.
Restore source server, cleanup invalid CA from configuration container, redo migration.
889250 How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000
https://support.microsoft.com/default.aspx?scid=kb;EN-US;889250
Step #6 Remove CA objects from Active Directory
Primary Failing Task: None - Setup Crash
Last entries in the SBSSETUP.LOG are NOT:
Setup: We made it all the way through the Wizard.
Setup: Removed the password.
Setup: Removed SBSSetup from the RunOnce.
Setup: Rebooting the box.
Key Error or Exception from the Log:
TaskManagement: In TaskScheduler.RunTasks(): The "ConfigureIE" Task or the "NET" TaskProcessor threw an Exception during the ITaskProcessor.Run() call:System.NullReferenceException: Object reference not set to an instance of an object.
Most Common Cause:
Usually seen in SBS 2008 to SBS 2008 migrations, also on migrations where there used to be an SBS 2008 server and the old policies still exist. The existing "Windows SBS User Policy" has been manually edited and one of the favorites we define changed.
Resolution Summary:
Fatal setup crash.
Restore source, follow the link below, redo migration
https://blogs.technet.com/b/sbs/archive/2008/12/16/sbs-2008-to-sbs-2008-migration-fails-when-windows-sbs-user-policy-edited.aspx
Primary Failing Task: CreateNewUserTask
Key Error or Exception from the Log:
Task: In Task CreateNewUserTask: The network administrator account cannot be created.
Most Common Cause:
On clean installs, trying to use a user name that conflicts with an existing built-in account, such as "Network Administrator"
Resolution Summary:
Since this will happen on a clean install, redo the setup and chose a different account name.
Primary Failing Task: CreateNewUserTask
Key Error or Exception from the Log:
You might see the following message on the screen:
The user role cannot be found. Select a different user role.
Resolution Summary:
If this is a clean install, disable time synch on the virtual machine and start setup over. If this is a migration, restore source server before redoing the setup.
956359 The installation of Windows Small Business Server 2008 on a Hyper-V virtual machine fails if the time zone of the virtual machine differs from the time zone in the parent partition
https://support.microsoft.com/default.aspx?scid=kb;EN-US;956359
Primary Failing Task: ConfigureExchangeEAPListTask
Key Error or Exception from the Log:
Messaging: MessagingTaskException: The SMTP address template 'Unchecked_Address_Here' is invalid because it references a domain that is not an accepted domain. - Error# (80006)
Most Common Cause:
SMTP domain listed in Default Recipient Policy in source server is UNCHECKED. The actual entry will be displayed in the error.
Resolution Summary:
Manually complete the TechNet steps for the 3 failed tasks (https://technet.microsoft.com/en-us/library/cc546065(WS.10).aspx):
The Exchange E-mail address policy cannot be configured.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Primary Failing Task: ConfigureExchangeEAPListTask
Key Error or Exception from the Log:
Messaging: MessagingTaskException: The recipient policy "Policy_Name_Here" with mailbox manager settings cannot be managed by the current version of Exchange Management Console. Please use a management console with the same version as the object. - Error# (80006)
Most Common Cause:
A mailbox manager policy exists in the source Exchange 2003 server. The actual policy name will be displayed in the error.
Resolution Summary:
Manually complete the TechNet steps for the 3 failed tasks (https://technet.microsoft.com/en-us/library/cc546065(WS.10).aspx):
The Exchange E-mail address policy cannot be configured.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Primary Failing Task: ConfigureCA
Key Error or Exception from the Log:
Message: A value for the attribute was not in the acceptable range of values. (Exception from HRESULT: 0x80072082)
Most Common Cause:
Most likely an invalid CA name.
Resolution Summary:
Restore source, verify CA name in answer file, if in doubt, leave it blank, there is little need to configure this on your own, so change it if suspect, don't copy and paste the name from another source, redo migration.
Primary Failing Task: PostDCPromoTask
Key Error or Exception from the Log:
---> System.DirectoryServices.DirectoryServicesCOMException (0x8007200F): The directory service is unavailable. (Exception from HRESULT: 0x8007200F)
Most Common Cause:
Multiple AD issues, failure moving FSMO roles. Usually RPC connectivity issues back to the source DC, usually tied to ports blocked on the source server (TCP/135, Etc.).
Resolution Summary:
Fatal consequences to the setup, Exchange will most likely have failed too.
Restore source, check AD health, remove any third party endpoint solutions, make sure ISA is not causing problems, redo migration
Primary Failing Task: PostDCPromoTask
Key Error or Exception from the Log:
Task: Caught exception System.NullReferenceException:
Object reference not set to an instance of an object.
at System.DirectoryServices.ActiveDirectory.Utils.Compare(String s1, String s2,
UInt32 compareFlags)
Most Common Cause:
This can happen if an NT4 BDC still exists in the source domain or there is an orphaned DC.
Resolution Summary:
Fatal setup crash.
Restore source, remove NT4 server or perform the proper metadata cleanup for an orphaned DC, redo migration
Primary Failing Task: PostDCPromoTask
Key Error or Exception from the Log:
No error in the log (yet), but you receive the following prompt:
Active Directory replication is taking longer than expected. You can choose whether to continue waiting.
If you choose not to wait, the migration may fail. Unless you are sure that replication is working correctly, it is recommended that you continue waiting.
Do you want to wait for the replication to finish? (Yes/No)
Most Common Cause:
You will only get this dialog after we have waited for 25 minutes and the new server has not been able to properly contact the source DC to initialize the file replication service (FRS), this is preventing the new server from becoming a domain controller. Clicking No on this dialog will almost certainly mean a failed setup. The source server is most likely in journal wrap or having FRS issues.
Resolution Summary:
Correct the FRS issues on the source server, do not reboot the new server or close down the setup, leave the popup dialog open, once the FRS issues are corrected on the source server, you can open a command prompt on the new server by using Shift-F10 and restart the Netlogon and FRS services, then confirm that SYSVOL and NETLOGON are shared on the new server by using NET SHARE, only then you should click Yes to continue waiting, after 5 minutes the setup will go on.
Primary Failing Task: CreateMailDisributionGroups
Key Error or Exception from the Log:
Messaging: MessagingTaskException: The value "postmaster" of property "SamAccountName" is used by another recipient object "Domain-NAME/MyBusiness/Users/SBSUsers/postmaster". Please specify another value. - Error# (80006)
Most Common Cause:
Existing SAM account with Postmaster name.
Resolution Summary:
Rename the existing Postmaster account in Active Directory.
Manually complete the TechNet steps for the 3 failed tasks (https://technet.microsoft.com/en-us/library/cc546065(WS.10).aspx):
E-mail distribution groups cannot be created.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Primary Failing Task: CreateMailDisributionGroups
Key Error or Exception from the Log:
Messaging: MessagingTaskException: The proxy address "smtp:account@contoso.local" is already being used by "contoso.local/server/account". Please choose another proxy address. - Error# (80006)
Most Common Cause:
Existing email address in use by an existing account.
Resolution Summary:
Remove the conflicting e-mail address (usually abuse or postmaster) from the existing account.
Manually complete the TechNet steps for the 3 failed tasks (https://technet.microsoft.com/en-us/library/cc546065(WS.10).aspx):
E-mail distribution groups cannot be created.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
Primary Failing Task: ConfigureGP
Key Error or Exception from the Log:
Task: In Task ConfigureGP: Windows Small Business Server group policies cannot be configured.
Most Common Cause:
Source server in Journal Wrap or issues with FRS.
Resolution Summary:
Examine the FRS event logs on source and SBS 2008 server, correct the FRS replication issue.
Fix the missing policies by using:
https://blogs.technet.com/b/sbs/archive/2009/09/03/how-to-manually-create-the-sbs-2008-and-wsus-group-policies-objects.aspx
Manually complete the TechNet steps for the 3 failed tasks (https://technet.microsoft.com/en-us/library/cc546065(WS.10).aspx):
Windows Server Update Services cannot be configured
Primary Failing Task: ClientConfigureIISTask
Key Error or Exception from the Log:
Setup: Task ClientConfigureIISTask failed.
Most Common Cause:
Corrupt DNS record (Companyweb, Connect or sites), multiple NICs enabled on the new server, WMI broken/blocked on source server.
Resolution Summary:
Fatal setup failure
Restore source server, check DNS records (can you open them, edit them, query them), check WMI connectivity from the network on source server, disable extra NICs on new server from the BIOS, redo migration
Primary Failing Task: AddCodeSigningTemplate
Key Error or Exception from the Log:
Task: ErrorCode:0
BaseException: Microsoft.WindowsServerSolutions.CoreNetworking.CNetException: Could
not access CA templates ---> System.UnauthorizedAccessException:
CCertAdmin::SetCAProperty: Access is denied. 0x80070005 (WIN32: 5)
Most Common Cause:
Source server has had an Authoritative System State restore
Resolution Summary:
Restore source server, Apply hotfix 939820 to the source server, reboot
Redo migration again
[UPDATED 2/11 - New Resolution - Provided by John Bay, Sr. SEE in CSS]
Primary Failing Task: None - Setup never completed
Last entries in the SBSSETUP.LOG are NOT:
Setup: We made it all the way through the Wizard.
Setup: Removed the password.
Setup: Removed SBSSetup from the RunOnce.
Setup: Rebooting the box.
Key Error or Exception from the Log:
Task: Task ("MUPhase2Task") execution complete.
TaskManagement: Previous Task required us to stop processing Tasks for a restart, failure, or cancel.
TaskManagement: A Reboot was required. Now=True,Finished=False,Redo=True
Setup: TME needs a reboot: bTMEHasMoreToDo=True bPrepareOnly=False
Setup: Setting RebootPendingValue to true.
Setup: Back from running the TME
Setup: Setting ResultFile value to C:Program FilesWindows Small Business ServerDataTMEResultsTaskStatusResults634104809850346319.xml
Wizard: Admin:QueryNextPage(sbssetup.mainprogress) = null
Wizard: WizardChainEngine Next Clicked: Last page, so the wizard isdone, closing wizard frame and returning
Setup: Setting ShowBillboards to False
Wizard: sbssetup.mainprogress exited with the button: Next
Wizard: TOC sbssetup.finish is NO longer on ExpectedPath
Setup: We are back from the wizard after user clicked Next.
Setup: Get Stage = <null>
Setup: We have a reboot pending.
Setup: Rebooting the box
Most Common Cause:
The server went for the reboot but the setup never resumed. This can happen due to some source environment conditions and a timing issue during the setup during certain installs. Once it happens, the setup is not completed and steps are required to finish it. This assumes that all setup tasks that have completed up until this point have worked.
Resolution Summary:
1-Use Notepad to create the following registry file, save it and import it (within the cut here blocks, do not include them). Save the file as import.reg, then double click the file to trigger the import.
--cut here--
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSmallBusinessServerSetupInternal]
"Stage"="MainProgress"
"InProgress"="True"
--cut here--
2- Then you must recreate the info.xml file. The file will be saved as SBSSetup-runtimedata.dat
Copy c:program fileswindows small business serverdatatmeenginestatesbssetup-runtimedata.dat to c:program fileswindow small business serverdatainfo.xml (replace the existing file.
3- Once the registry keys are in place, and the info.xml has been recovered, you can attempt to continue the setup by running c:program fileswindows small business serverbinsbssetup.exe . Make sure you are using the same administrative account used during the setup
Primary Failing Task: None - Setup never completed
Last entries in the SBSSETUP.LOG are NOT:
Setup: We made it all the way through the Wizard.
Setup: Removed the password.
Setup: Removed SBSSetup from the RunOnce.
Setup: Rebooting the box.
Key Error or Exception from the Log:
Setup: Exception removing info: System.IO.IOException: The process cannot access the file 'C:Program FilesWindows Small Business ServerDatainfo.xml' because it is being used by another process.
Most Common Cause:
If you have this entry in the log then most likely the server was forcefully rebooted by a process outside the control of our setup, it could have been done by a user, a power outage, or in some cases a WSUS policy pushing an update and forcing a reboot.
Resolution Summary:
Restore source server, disable WSUS services and policies on the source server, redo migration.
Primary Failing Task: ExtendLicensingAD
Key Error or Exception from the Log:
MMSSetup_ExtendLicensingSchema: License store size not set correctly.Unknown error (0x8000500c)
Most Common Cause:
On clean installs, this is a sign that we are installing onto a virtual environment and the time synch features are still turned on for this virtual machine.
Resolution Summary:
If this is a clean install, disable time synch on the virtual machine and start setup over. If this is a migration, restore source server before redoing the setup.
956359 The installation of Windows Small Business Server 2008 on a Hyper-V virtual machine fails if the time zone of the virtual machine differs from the time zone in the parent partition
https://support.microsoft.com/default.aspx?scid=kb;EN-US;956359
Primary Failing Task: RedirOUTask
Key Error or Exception from the Log:
Task: Error, unable to modify the wellKnownObjects attribute. Verify that
the domain functional level of the domain is at least Windows Server 2003
Most Common Cause:
The most common cause for this issue is that the domain functional level was not set correctly.
Resolution Summary:
Check the following documentation to complete the redirection after fixing the domain functional level.
https://technet.microsoft.com/en-us/library/cc527545(WS.10).aspx
ExchangeSetupLog
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] Recipient policy '' uses an unsupported SMTP addressing format (). The value must be changed before Setup can continue.
Most Common Cause:
Invalid recipient policy on source, the name of the policy and the invalid address will be displayed in the actual error.
Resolution Summary:
Restore source, correct existing recipient policies, redo migration
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] Domain controller not found in the domain "Domain_Name".
Most Common Cause:
AD/DNS Health Issues
Resolution Summary:
Restore source, diagnose and correct existing issues, redo migration
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] Active Directory operation failed on <server>.<domain>. This error
could have been caused by user input or by the Active Directory server being
unavailable. Please retry at a later time. Additional information: Additional
information: The global catalog verification failed. The global catalog is not
available or does not support the operation. Some part of the directory is
currently not available.
Active directory response: 000020E1: SvcErr: DSID-0320062F, problem 5002
(UNAVAILABLE), data 0
Most Common Cause:
Source server has had an Authoritative System State restore
Resolution Summary:
Restore source server, Apply hotfix 939820 to the source server, reboot
Redo migration again
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] You do not have permissions to read the security descriptor on CN=Deleted Objects,CN=Configuration,DC=xxxxxx,DC=xxxx
Most Common Cause:
Corrupt AD container.
Resolution Summary:
Restore source server, correct corrupt AD permissions/container issue,
Run migration again
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] Could not find the default Administrative Group 'Exchange Administrative Group (FYDIBOHF23SPDLT)'
Most Common Cause:
Environment was incorrectly cleaned up after a previous failed setup, Exchange 2007 administrative group was removed.
Resolution Summary:
On the failed SBS 2008 server installation, run the following using the exchange repair media off DVD #2:
setup.com /preparead
This has to complete successfully before you can proceed to remove the failed server. Once it completes, we need to open Server Manager and remove the CA role, then complete a dcpromo /down on the SBS 2008 failed server (make sure you do NOT select that this is the last server in the domain/forest), once that is completed, we can format the failed server and start the migration over.
There was most likely a first failure that lead to the cleanup attempt, if the logs of the first failure are available, then the issue could be addressed, if not, make sure the SBS 2008 Migrations from SBS 2003 - Keys to Success is followed before attempting a new setup.
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.
Most Common Cause:
Missing or invalid RUS (Recipient Update Service) on the source exchange
Resolution Summary:
Restore source server, correct RUS issue, redo migration
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] The Exchange organization is not in native mode.
Most Common Cause:
The SBS SourceTool was not completed on the source server. Source Exchange server is still in mixed mode.
Resolution Summary:
Restore source server, follow documentation, redo migration
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] One or more Active Directory Connectors have been found. Please remove all Active Directory Connectors before installing Exchange 2007.
Most Common Cause:
Legacy Active Directory Connector service is present on the source server.
Resolution Summary:
Restore source server, remove AD connector, redo migration
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] The template, "SMTP:@contoso.com", cannot appear more than once as enabled or disabled e-mail address templates.
Most Common Cause:
Duplicate email address found in source server recipient policies.
Resolution Summary:
Restore source server, remove duplicate entries, redo migration
Primary Failing Task: InstallExchangeTask
Key Error or Exception from the Log:
[ERROR] A reboot from a previous installation is pending. Please restart the system and rerun setup.
Most Common Cause:
Usually software was automatically installed through a group policy while the SBS Setup was running.
Resolution Summary:
Restore source server, unlink any group policies that are configured to push software to other clients/servers, redo migration
DcPromo Logs
Primary Failing Task: DcPromo_JoinDomain
Key Error or Exception from the Log:
"The specified account already exists."
Most Common Cause:
Existing computer account with the same name.
Resolution Summary:
Change answer file name for the new server or properly cleanup the existing account off AD. Redo migration
Primary Failing Task: DcPromo_JoinDomain
Key Error or Exception from the Log:
"Access is denied."
Most Common Cause:
GPO settings on source domain, usually missing trust for delegation.
Resolution Summary:
Check security settings on source domain, redo migration
232070 When you run Dcpromo.exe to create a replica domain controller, you receive the "Failed to modify the necessary properties for the machine account. Access is denied" error message
https://support.microsoft.com/default.aspx?scid=kb;EN-US;232070
Primary Failing Task: DcPromo_JoinDomain
Key Error or Exception from the Log:
The Directory Services Restore Mode password does not meet its complexity criteria.
Most Common Cause:
Weak Admin password
Resolution Summary:
Change the password, redo the migration.
Primary Failing Task: DcPromo_JoinDomain
Key Error or Exception from the Log:
The Directory Services Safe Mode password does not meet the minimum password length requirement of the password policy. Supply a longer password.
Most Common Cause:
Weak Admin password
Resolution Summary:
Change the password, redo the migration.
Primary Failing Task: DcPromo_JoinDomain
Key Error or Exception from the Log:
You cannot install an additional domain controller at this tim
Comments
Anonymous
January 01, 2003
Good catch, article has been edited.Anonymous
August 09, 2010
"Active Directory replication is taking longer than expected" part, the Resolution Summary: leave the popup dialog open, once the FRS issues are corrected on the new server.... I think that should be source server.