After you install the Microsoft Exchange Server 2007 Cluster Continuous Replication (CCR) Service Pack 2 (SP2), you receive the following warning through the Exchange Management Console:
The server administrator 'CCR_node' not a member of the Exchange View-Only Administrators.
Additionally, the Exchange Management Console displays the following error bar message:
Some warnings were reported while loading data. Click here for details…
This is issue was caused by the installation of Exchange 2007 CCR SP2. This does not result in any incorrect behavior in CCR. The warning message indicates that certain objects have more permissions than they require.
To work around this issue, follow these steps:
- Open the Adsiedit.msc tool. This tool is included in Windows Server 2008 and requires that the Active Directory Domain Services (AD DS) role or tools are installed. This tool is also available in Windows Server 2003 Support Tools.
For more information about the Adsiedit.msc tool, visit the following Microsoft Web site:
- Click the computer node in the navigation pane
- On the Action menu, click Setting, and then click Connect To.
- In the Connection Point area, click Select a well known Naming Context.
- In the drop-down menu, point to Configuration, then click OK
- Expand Configuration [domainControllerName.example.com], expand CN=Configuration,DC=example,DC=com, expand CN=Services, expand CN=Microsoft Exchange, expand CN=[orgName], expand CN=Administrative Groups, expand CN=Exchange Administrative Group, expand CN=Servers, and then expand Clustered_Mailbox_server.
- Right-click Clustered_Mailbox_server, and then click Properties. Note the properties of the clustered mailbox server.
- Click the Security tab.
- Find the server account for the passive node of your cluster. Remove all permissions for this account except for the following Read permissions:
- Read Metabase Properties
- Store Read Only Access
- View Information Store Status
- Click Advanced.
- In the Advanced dialog box, select a row that references the passive node of your cluster.
- Click Edit.
- Click the Properties tab.
- Add the following permissions that have the scope, "This Object Only":
- Write property msExchEdgeSyncCred
- Write property msExchServerSite
- Click OK.
- Click Edit.
- Add the following permissions that have the scope "This Object and all descendant objects":
- List Contents
- Read All Properties
- Read Permissions
- Trigger a replication among the domain controllers.
- Refresh the Exchange Management Console. After you do this, the Exchange View-Only Administrator group is removed.
- Use Windows PowerShell to verify that the Exchange View-Only Administrator group is removed. To do this, follow these steps:
- Click Start, point to All Programs, point to Microsoft Exchange Server 2007, and then click Exchange Management Shell.
- Type Get-ExchangeAdministrator, and then press ENTER.
- Verify that the Exchange View-Only Administrator group is no longer part of the computer accounts.
- Test failover and client access.
Also, repeat steps 9 through 21 for the active node.
Article ID: 975807 - Last Review: February 1, 2010 - Revision: 1.0
- Microsoft Exchange Server 2007 Service Pack 2, when used with:
- Microsoft Exchange Server 2007 Enterprise Edition
- Microsoft Exchange Server 2007 Standard Edition
|kbexchcluster kbexpertiseadvanced kbtshoot kbsurveynew kbprb KB975807|