One of my clients wants to upgrade Exchange Server 2013 CU8 to Cu23. When preparing the server for upgrade and started upgrade and at the first step of the upgradation process the upgradation errors out with the following error and needed to exit from it. Error: ” was run: “Microsoft.Exchange.Data. Directory.ADOperationException:
The following error was generated when "$error.Clear(); initialize-ExchangeConfigurationPermissions -DomainController $RoleDomainController " was run: "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on OrgDC.domain.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights. at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo) at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) --- End of inner exception stack trace --- at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) at Microsoft.Exchange.Data.Directory.ADDataSession.SaveSecurityDescriptor(ADObject obj, RawSecurityDescriptor sd, Boolean modifyOwner) at Microsoft.Exchange.Management.Tasks.InitializeConfigPermissions.InternalProcessRecord() at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b() at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)"
There are two ways to work around on this issue. You use the first work around when you don’t have the built-in administrator account access.
You need to launch Active Directory Users and Computers and, on the view menu, make your advanced features on the view menu is ticked.
Next, find the user that you are trying to install the exchange server with and open the properties and advanced settings on the security tab enable inheritance and click apply.
Also make sure the account you are tying to install CU is member following groups.
Relaunch the CU upgrade setup and the error won’t be there in this time.
Or if you have administrators account password with you, just login with administrator account and launch the CU installation setup.
Hope this would help someone.