A new Exchange infrastructure is deployed and new DAG nodes are being registered in OA. On attempt to install the package
Exchange2013Mailstore no errors are displayed, no tasks fail, but the package is not installed. In
wpe.log on the Windows Provisioning Server the following error is registered:
ERROR 2017-06-28 16:51:33 (2700/2692): Processing data from remote server 13dag01 failed with the following error message: [AuthZRequestId=ff6ad24e-f441-4579-8224-645be260b27f][FailureCategory=AuthZ-CmdletAccessDeniedException] The user `exchange13.local/Users/pem_admin` isn't assigned to any management roles. For more information, see the about_Remote_Troubleshooting Help topic.
exchange13.local is a new Active Directory (AD) domain deployed for new Exchange set.
There is an existing Exchange set of an older version in OA, deployed in another AD domain. Since new Exchange set is deployed in a new AD domain
exchange13.local, it has it's own
pem_admin service account in AD. Usually, when Exchange is deployed in OA, the user
pem_admin is automatically added to all necessary AD groups, but in case additional Exchange infrastructure is deployed in a new AD domain, the user
pem_admin is not added to the security group
Such behavior was recognized as a software issue POA-111910: pem_admin domain user isn't added into required AD group automatically during Exchange deployment in a new AD
As a workaround, please perform the following steps:
- Go to the domain controller of the reported AD domain (in this example -
- Run the snap-in Active Directory Users and Computers
- Find the user
pem_admin, open it's properties and go to the Member Of tab
- Click Add and type the group name
Organization Management, click OK
- On the properties page click OK to save changes.
In order to clarify the status of the software issue POA-111910, please contact your Technical Account Manager.