Active directory extensions install error

[alastairferguson]

OK, I try to install the Active directory extensions, and follow the instructions in the admin. giude, but the instructions are wrong. From the guide:

1 For a first-time installation of the Scalix GUI enhancements on an ADUC workstation,
you must log in using a Windows administrator with local admin rights.
2 If it’s not already present, copy the file “Scalix AD Extensions.msi” to the workstation
desktop.
3 Start Scalix AD Extensions.msi.
4 Work through the wizard.
5 Click Finish when the process is complete.
Users and Computers is now ready for Scalix account management.

There are two files, Scalix AD GUI Extensions.msi and Scalix AD Schema Extensions.msi so the file name is wrong for starters. It says install, so I did. It installed OK, but no extensions appeared. When you run ScalixForestPrep.exe through command line this is the error you get:

Scalix Forest Prep 10.0.0.315
Copyright (c) 2005, Scalix Corporation
An error occured in Initialization
Error code: 80072030

I am testing this installation out with a view to purchasing the Enterprise version but without these extensions I won't be proceeding.

Any help much appreciated.

Alastair Ferguson

[florian]

Alastair,

sorry for the filename stuff. I'll forward that to our docs department for correction.

You will first need to install the schema extensions and run forest prep. if this doesn't work as expected, one of the following will probably be true.

- check that you're applying this on a Windows 2000 or Windows 2003 domain controller
- check that you're logged in as an administrator with Schema Admin privileges (Attention: This is a HIGHER level of privileges in Windows than the Administrator or Domain Administrator. The default "Administrator" account has this right after install, but no further Administrator gets it automatically)

Hope this helps,
Florian.

[alastairferguson]

check that you're applying this on a Windows 2000 or Windows 2003 domain controller
- check that you're logged in as an administrator with Schema Admin privileges (Attention: This is a HIGHER level of privileges in Windows than the Administrator or Domain Administrator. The default "Administrator" account has this right after install, but no further Administrator gets it automatically)

I am logged in on our Windows 2003 PDC, and as the administrator account.

[florian]

OK, sounds good to start with; can you confirm that your Admin account in fact has "Schema Administration" privileges? You can see that in your Users+Computers guy, through the Groups the Admin is assigned to.

The error, according to Microsoft knowledgebase, says that it cannot find some object; this might either be because of the above or because there is something wrong with your domain structure.

- Is this a standalone DC or part of a larger AD Installation?
- what's your domain name?
- do you have ADSI Edit installed on your Computer and can you use this to check something?

Understand that some of this information is not really good to share on a public forum. You can contact me via email at <givenname>@scalix.com....

TIA,
Florian.

[deyjvu]

Update on this case for anyone else that may come across this issue:

I have managed to find out the problem with installing the Scalix
Extensions. When I tried to install Windows services for Unix, I got this
message:

Start of schema extension. Time: Thu Apr 6 17:12:48 2006

Schema Naming Context

'CN=Schema,CN=Configuration,DC=lan,DC=creditcorp,DC=com,DC=au'

LDAP Error in opening -
LDAP://credit-sydc/CN=CREDCORP-SERVER\0ADEL:432e5102-1cd5-4387-bd7f-88f8
9a059,CN=Servers,CN=SydneyLAN,CN=Sites,CN=Configuration,DC=lan,DC=creditcorp
,DC=com,DC=au

Error: There is no such object on the server.

================================================

SFU Schema Extension did not complete.

================================================

End of schema extension. Time: Thu Apr 6 17:12:48 2006

So there was a problem with the setup on the Windows side and not the Scalix or the extensions being installed. It was resolved by the following action:

OK, I have managed to install the scalix extensions. The old and now
unavailable domain controller was still officially registered as the Schema
master (credcorp-server), so did:

C:\>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server credit-sydc
Binding to credit-sydc ...
Connected to credit-sydc using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321034A, problem 5002
(UNAVAILABLE), data 8

Win32 error returned is 0x20af(The requested FSMO operation failed. The
current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
Server "credit-sydc" knows about 5 roles
(then the details of the 5 roles).

Once this was fixed the extensions could then be installed. Turns out the site had an old AD server that was decommissioned some time ago but the role of this server was not completely removed from their setup.

[florian]

Hi Judy (yeah, she's from Australia....),

thanks for sharing this with the community! :-)

Florian.