Error message when upgrading cumulative updates in Exchange

This article describes the error message that's displayed when you try to install or upgrade to a cumulative update by using Exchange Server setup.

Symptoms

When a cumulative update upgrade fails, the AccessDenied error message is displayed.

Cause

This section describes the causes of the AccessDenied error message.

AccessDenied

The AccessDenied error message occurs when the CustomSD registry key doesn't give the built-in administrators write permission on the application log, so the attempt to record the event in the application log fails.

The events leading up to the AccessDenied error message are as follows:

The attempt to upgrade to the cumulative update fails, and in the setup log, you may notice the following data logged immediately after the Start-PreFileCopy task has ended:

[12/05/2022 12:22:06.0909] [1] Ending processing Start-PreFileCopy
[12/05/2022 12:22:06.0914] [0] The log file path for the language pack removal operation is set to 'C:\ExchangeSetupLogs'.
[12/05/2022 12:22:06.0924] [0] [WARNING] Exception has been thrown by the target of an invocation.
[12/05/2022 12:22:06.0939] [0] [WARNING] Cannot open log for source 'MSExchangeSetup'. You may not have write access.
[12/05/2022 12:22:06.0939] [0] [WARNING] Access is denied
[12/05/2022 12:22:06.0939] [0] CurrentResult SetupLauncherHelper.loadassembly:444: 1
[12/05/2022 12:22:06.0939] [0] The Exchange Server setup operation didn't complete.  More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[12/05/2022 12:22:06.0939] [0] CurrentResult main.run:235: 1
[12/05/2022 12:22:06.0939] [0] CurrentResult setupbase.maincore:396: 1
[12/05/2022 12:22:06.0939] [0] End of Setup
[12/05/2022 12:22:06.0939] [0] **********************************************

In a working scenario, we'll see the following lines in the setup log after Exchange Server setup runs the Start-PreFileCopy task:

[04/21/2022 08:31:54.0092] [1] Ending processing Start-PreFileCopy
[04/21/2022 08:31:54.0100] [0] The log file path for the language pack removal operation is set to 'C:\ExchangeSetupLogs'.
[04/21/2022 08:31:54.0106] [0] **************
[04/21/2022 08:31:54.0106] [0] Setup will run the task 'remove-InstalledLanguages'

Before the languages are removed and reinstalled, the event with ID 1000 and source Microsoft Exchange Setup must be logged:

Log Name:      Application
Source:        MSExchangeSetup
Date:          12/5/2022 11:33:03 AM
Event ID:      1000
Task Category: Microsoft Exchange Setup
Level:         Information
Keywords:      Classic
User:          N/A
Description: Exchange Setup (build 15.1.2507.6:Languages) was started.

We run the following cmdlet to record the event with ID 1000 in the application log:

Write-EventLog -LogName Application -Source MSExchangeSetup -EntryType Information -EventId 1000 -Message "This is a test message"

After this cmdlet is executed, you get the AccessDenied error message, as depicted in the following screenshot:

The screenshot displaying AccessDenied error message.

This result indicates there's an issue in accessing the application log to record the event with ID 1000.

Then, check the value of the CustomSD registry key by running the following cmdlet:

Get-ItemProperty "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application"

The output of this cmdlet is:

PrimaryModule       : Application
DisplayNameFile     : C:\Windows\system32\wevtapi.dll
DisplayNameID       : 256
File                : C:\Windows\system32\winevt\Logs\Application.evtx
MaxSize             : 209715200
Retention           : 0
RestrictGuestAccess : 1
AutoBackupLogFiles  : 0
CustomSD            : O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-21-3081388108-1913582122-755921781-506353)
PSPath              : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application
PSParentPath        : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog
PSChildName         : Application
PSProvider          : Microsoft.PowerShell.Core\Registry

There are three distinct rights that pertain to event logs. These rights correspond to the following bits in the access rights field of the ACE string:

  • Read: This right corresponds to bit 1 in the access rights field of the ACE string.

  • Write: This right corresponds to bit 2 in the access rights field of the ACE string.

  • Clear: This right corresponds to bit 4 in the access rights field of the ACE string.

If we attempt to read the access rights (A;;0x5;;;BA), these access rights translate to:

  • A: Allow
  • BA: Built-in Admins
  • 0x5: Read + Clear

These results indicate that built-in administrators aren't allowed to write events to the application log, which is the cause of the AccessDenied message.
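
The decoding above can be automated for every ACE in a CustomSD string. The following PowerShell is an added example, not part of the original article; the function name Get-EventLogAceRights is hypothetical, and the sample string is the CustomSD value from the output shown earlier.

```powershell
# Added example, not from the original article.
# Event-log rights as listed above: 0x1 = Read, 0x2 = Write, 0x4 = Clear.
$EventLogBits = @(
    @{ Mask = 0x1; Name = 'Read'  },
    @{ Mask = 0x2; Name = 'Write' },
    @{ Mask = 0x4; Name = 'Clear' }
)

function Get-EventLogAceRights {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Sddl)

    # Each ACE is "(type;flags;rights;object_guid;inherit_guid;trustee)".
    foreach ($m in [regex]::Matches($Sddl, '\(([^)]*)\)')) {
        $f = $m.Groups[1].Value.Split(';')
        if ($f.Count -lt 6) { continue }                  # skip malformed ACEs

        if ($f[2] -match '^0x[0-9a-fA-F]+$') {
            $mask   = [Convert]::ToInt32($f[2], 16)
            $rights = @($EventLogBits | Where-Object { $mask -band $_.Mask } |
                        ForEach-Object { $_.Name }) -join ' + '
            $other  = $mask -band (-bnot 0x7)             # bits outside Read/Write/Clear
            if ($other -ne 0) { $rights += ' + other (0x{0:x})' -f $other }
            $write  = [bool]($mask -band 0x2)
        } else {
            $rights = '(symbolic rights, not decoded)'    # two-letter SDDL codes
            $write  = $null
        }

        [pscustomobject]@{
            Type    = $f[0]      # A = Allow, D = Deny
            Trustee = $f[5]      # BA = built-in Administrators, SY = Local System
            Mask    = $f[2]
            Rights  = $rights
            Write   = $write
        }
    }
}

# Sample input: the CustomSD value from the output shown earlier on this page.
# On a live server, read it with:
#   (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application').CustomSD
$sample = 'O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-21-3081388108-1913582122-755921781-506353)'
$aces = Get-EventLogAceRights -Sddl $sample
$aces | Format-Table -AutoSize

# Flag the condition this article describes: an Allow ACE for BA without Write.
$aces | Where-Object { $_.Type -eq 'A' -and $_.Trustee -eq 'BA' -and $_.Write -eq $false } |
    ForEach-Object { Write-Warning "Built-in Administrators cannot write: ($($_.Mask) = $($_.Rights))" }
```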

To troubleshoot this issue, see Resolution.

Resolution

To fix the issue that causes the AccessDenied error message, perform the following steps:

  1. Update the access rights in CustomSD from (A;;0x5;;;BA) to (A;;0x7;;;BA) under the following locations:
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application

     Updating the access right results in the Write permission being granted.

  2. Restart the upgrade process.
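
The registry change in the steps above can be scripted, as in this added example (not part of the original article). It assumes an elevated Windows PowerShell session; the backup file location under the TEMP folder is an assumption. It changes only the exact ACE named in the steps and leaves every other ACE untouched.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
# Applies the change (A;;0x5;;;BA) -> (A;;0x7;;;BA) to CustomSD on both logs
# and keeps a copy of each original value so the change can be reverted.
$logs   = 'System', 'Application'
$old    = '(A;;0x5;;;BA)'
$new    = '(A;;0x7;;;BA)'
# Assumed backup location; choose any path that suits your change records.
$backup = Join-Path $env:TEMP ('CustomSD-backup-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))

foreach ($log in $logs) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$log"
    $sd  = (Get-ItemProperty -Path $key -Name CustomSD -ErrorAction SilentlyContinue).CustomSD

    if (-not $sd) {
        Write-Host "$log : no CustomSD value found, nothing changed"
        continue
    }
    if (-not $sd.Contains($old)) {
        Write-Host "$log : $old not present, left unchanged"
        continue
    }

    # Record the original descriptor before modifying it.
    Add-Content -Path $backup -Value "$log`t$sd"
    Set-ItemProperty -Path $key -Name CustomSD -Value $sd.Replace($old, $new)
    Write-Host "$log : updated, original value saved to $backup"
}

# Repeat the test write used earlier on this page (Windows PowerShell cmdlet).
try {
    Write-EventLog -LogName Application -Source MSExchangeSetup -EntryType Information -EventId 1000 -Message 'This is a test message' -ErrorAction Stop
    Write-Host 'Test event written to the Application log.'
} catch {
    Write-Warning "Test event failed: $($_.Exception.Message)"
}
```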