Today I brought a new Exchange environment in the air. This time it was a greenfield situation, an environment which is completely seperated from the old environment. A big part of the server environment is virtualized, one of them is the Exchange server. Citrix XenServer was selected as the virtualization environment, and as it is listed on the list on the Microsoft site it should not be a problem.
So after the design was approved by the customer we started with the installation. Since some small things needed to be done on other servers I opened Xencenter so I can easily get access to all servers. It should not be a big problem you may think, till Exchange started with preparing the AD. After a few minutes the following error was displayed you do not have permissions to read the security descriptor on cn=deleted objects,cn=configuration,dc=ishw,dc=local. Very strange because the account had enough permissions and the replication between the dc’s went OK. So I started to search for the cause of the issue and found a few possibilities:
– change the driveletter of the cd/dvd-rom, this was not an option since the installation was placed on a fileshare
– fix the permissions with ADAM, as this option brings some risks with it I skipped this one and saved it for later
– install it via the console, a little bit probelematic with a vm, so i tried RDP with the /console or /admin option
This last optionwas the solution, so XenCenter will make a RDP connection without the /console or /admin option. If your planning to install Exchange in a XenServer environment keep an eye on this.
Below some interesting articles”
Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments open
Security descriptor error during Exchange Server 2007 schema extension open
Technet Forum: Exchange 2007 Install Error : Read Security Descriptor open