The computer account for Exchange Server is absent (297295)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
This article was previously published under Q297295

SYMPTOMS

When you restart your computer, you may notice a "Starting in Services" status message on the Exchange Server computer system attendant. However, you may receive the following event message in the Application event log: Event Type: Warning
Event Source: MSExchangeSA
Event ID: 9157
Description: Microsoft Exchange Server computer system attendant does not have sufficient rights to read Exchange Server configuration objects in Active Directory. System attendant will try again in approximately one minute. In addition, when you try to run Exchange Setup with an option to reinstall, you may receive the following error message:
Setup failed while installing sub-component Microsoft Exchange Server-Level Objects with error code 0x80090020(please consult the installation logs for a detailed description). You may cancel the installation or try the failed setup again.

CAUSE

This behavior can occur if the computer account for the Exchange Server computer has been deleted, lost or does not have Full Control permissions to the Exchange Server computer object in Active Directory.

RESOLUTION

To resolve this behavior, if you have deleted the server's domain account, you must create a new account before the server can log back onto the domain. You may be able to log onto the local computer, but the Exchange Server computer services cannot start. There are important considerations if the server is also a domain controller. For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

298450 Deletion of critical objects in Active Directory in Windows 2000 and Windows Server 2003

257288 How to recover from a deleted domain controller machine account in Windows 2000

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

If you have re-created the computer account, you can grant the new account necessary permissions. Use ADSI Edit to add Full Control permissions to the computer account:
  1. Start ADSI Edit, and then browse to the following location:

    Domain.com/Configuration/Services/Microsoft Exchange/Org/Administrative Groups/AdminGroup/Servers/Server Name

  2. Right-click the server name, and then click Properties.
  3. Click the Security tab, and then click Add.
  4. Locate the computer account for the Exchange Server computer.
  5. Click Add, and then verify that the account is added to the Permissions window with full control.
  6. Click OK, and then close ADSI Edit.
  7. Use Active Directory Users and Computers to add the Exchange Server computer account to the Exchange Domain Servers group in the Users organizational unit.
  8. Restart the Exchange Server computer.

STATUS

This behavior is by design.
Modification Type:MinorLast Reviewed:4/25/2005
Keywords:kberrmsg kbprb KB297295
©2004 Microsoft Corporation. All rights reserved.