You Cannot Add a Server That Is Running Exchange 2000 or Exchange 2003 to a Hub Transport Server Role When You Set Up Exchange 2007

  • Article

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

This topic describes an issue that occurs after you set up Microsoft Exchange Server 2007 in an environment that includes a Microsoft Windows 2000 Server-based cluster that hosts a version of Exchange that is older than Exchange 2007. The issue occurs when you try to assign the HUB server role to one of the preexistent servers in that environment.

You cannot add a server that is running Exchange 2000 Server or Exchange Server 2003 to a Hub Transport server role.

You cannot add a server that is running Exchange 2000 or Exchange 2003 to a Hub Transport server role during the setup of Exchange 2007 because Windows 2000 Server cluster servers do not have a computer account in the Active Directory directory service.

When you create a routing group connector in Exchange 2007, a computer account is created in the ExchangeLegacyInterop security group for the connected computer in Active Directory. However, this computer account does not exist. Therefore, the computer account cannot be added to the ExchangeLegacyInterop security group.

In this scenario, you receive the following error message:

Cannot find computer object in Active Directory for server VirtualServerName

If you manually create the Routing Group Connector by using the New-RoutingGroupConnector command, you receive the following error message:

New-RoutingGroupConnector : Active Directory operation failed on <GC Server>.Domain.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03152392, #1:0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 262b30e2 (msExchTargetBridgeheadServersDN) At line:1 char:26 + New-RoutingGroupConnector <<<< -Name "RGC Name" -SourceTransportServers "2007Source.domain.com" -TargetTransportServers "2003Target.domain.com" -Cost 1 -Bidirectional $true -PublicFolderReferralsEnabled $true VERBOSE: New-RoutingGroupConnector : Ending processing.

If you run the New-RoutingGroupConnector command by using the -Debug -Verbose switches, you receive the following error message:

VERBOSE: New-RoutingGroupConnector : The properties changed are: "{ TargetRoutingGroup='CORPHQ', Cost='1', TargetTransportServerVsis={ '1' }, ExchangeLegacyDN='/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Connections/cn=RGC Name', PublicFolderReferralsDisabled=$False, VersionNumber='7638', SourceTransportServerVsis={ '2007Server\1' }, HomeMTA='Microsoft MTA', MinAdminVersion='-2147453113', SystemFlags='Renamable', Id='RGC Name', RawName='RGC Name' }".

VERBOSE: New-RoutingGroupConnector : Saving object "RGC Name" of type "RoutingGroupConnector" and state "New".

VERBOSE: New-RoutingGroupConnector : Previous operation run on domain controller '<GC Name>.domain.com'. Confirm Active Directory operation failed on <GC Name>.domain.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers. Active directory response: 000020B5: AtrErr: DSID-03152392, #1:0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 262b30e2 (msExchTargetBridgeheadServersDN)

If you install Windows 2000 Server Service Pack 3 (SP3), you can create a computer account in Active Directory for the cluster virtual server. However, Exchange 2000 does not support this configuration.

Kerberos authentication for the Network Name resource on which Exchange 2000 depends is not supported on a server cluster. Exchange 2000 was not tested with the expectation that a cluster virtual server would support Kerberos authentication. This configuration may not function correctly.

Future versions of Exchange may take advantage of Kerberos authentication for server clusters.

More Information

For more information about support for Exchange 2000 on a Windows 2000 Server Service Pack 3-based computer, see Microsoft Knowledge Base article 235529, Kerberos support on Windows 2000-based server clusters.