I was working on a customer site which has a Windows 2008 R2 domain with both Exchange 2007 SP2 and 2010 RTM running. The 2010 RTM was introduced into the 2007 SP2 environment.
Installation of 2010 RTM went fine, no errors. But, when I launched 2010 management console and navigated to Server Configuration -> Client Access, an error popped up saying,
"An IIS directory entry couldn't be created. The error message is Access is denied. HResult = -2147027891 It was running the command 'Get-Owa-VirtualDirectory'.
My virtual directories was not listed in the interface as well. (OWA, ActiveSync & OAB entries were missing).
In order to fix the above issue, check that local administrator group on the Exchange 2007 SP2 server. In my case, I had the following listed as local admins.
If “Exchange Trusted Subsystem” is not a member of the local admins of the 2007 box, add the group.
After that, launch 2010 EMC and all should be good. You will have your virtual directories listed and no error messages!
You DON’T have to add the Exchange 2007 server as a member of the “Exchange Trusted Subsystem” group to fix this issue.
3 comments:
Any idea what to do when the Exchange 2007 is a domain controller and you can't add Exchange Trusted Subsystem to the local administrators group?
Domain Controllers don't have local accounts. The domain accounts replace the local accounts when a computer is promoted to a domain controller.
Add the domain group Administrators as a member in the Exchange Trusted Subsystem domain group.
Open Active Directory Users and Computers, expand the domain, select 'Builtin', double-click 'Administrators', select 'Members', click 'Add...', enter 'Exchange Trusted Subsystem', click OK, click OK.
Boman, If Exchange is running on a DC, then yes.
Post a Comment