Troubleshooting Exchange 2013 RTM CU1 Installs

Exchange2013In today’s post we’re going to take a look at some commonly encountered issues when installing Exchange 2013 RTM CU1 and what you can do to work around them. There’s not a lot of lead up for this post, just issue and possible resolution.

Issue: Install-RuleCollection error in step 1, Organization preparation

Cause: missing data classification

Resolution: Use ADSIEDIT to delete CN=ClassificationDefinitions,CN=Rules,CN=Transport Settings,CN=yourExchangeOrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=yourdomain,DC=yourTLD


Issue: Transport service stops during check for prerequisites

Cause: By design

Resolution: Do not attempt install on production servers during business hours, as mailflow will temporarily halt. Reboots are also required.


Issue: PowerShell scripts cannot run

Cause: Execution policy set by GPO

Resolution: Update GPO to permit RemoteSigned or set-executionpolicy manually on all Exchange servers and filter them from GPO


Issue: Customizations in web.config are missing after upgrade to Exchange 2013 RTM CU1

Cause: By design-applying CU1 overwrites web.config

Resolution: Backup web.config before apply CU1. Use the backup to recreate modifications in the new web.config. DO NOT OVERWRITE WEB.CONFIG WITH THE OLD VERSION


Issue: Cannot delete mailbox databases after installing CU1

Cause: ACLs

Resolution: Edit the SACL on the Exchange System Objects for the Exchange Servers Group to remove the explicit deny on the DeleteSubTree permission.


Issue: Outlook 2007 and 2010 clients cannot download the OAB

Cause: The internal URL is not accessible from the Internet

Resolution: Publish the internal URL to the Internet.


Issue: All clients download a new copy of the OAB after introducing the first Exchange 2013 CU1 server into an existing Exchange 2007/2010 org.

Cause: Exchange 2013 creates a new default OAB at installation.

Resolution: If you are reading this before you install Exchange 2013, make sure you have assigned a default OAB to all mailbox databases. Otherwise, it’s too late, but fortunately this is a one-time event.


Issue: You cannot copy data from a recovery mailbox using New-MailboxRestoreRequest. You get an error “Error details: must be logging in with GUIDs, not legDN”

Cause: By design

Resolution: add the switch –SkipMerging StorageProviderForSource and run the command again.


Issue: Client access using NTLM authentication fails.

Cause: By design. Client access servers no longer support NTLM.

Resolution: Configure client to use Basic Authentication.


Issue: Transport rules and DLP policies are not applied to messages attached to other messages.

Cause: Bug, oops, or other foul-up.

Resolution: Stand by for either a hotfix, or CU2 as at the moment, there is no resolution.


Issue: Setup fails and requests you install .NET Framework 4.0

Cause: Bug, oops, or other foul-up.

Resolution: Exchange 2013 RTM CU1 actually requires .NET Framework 4.5. Install that on your server before you begin the install of Exchange.


Issue: Setup improperly detects Exchange 2010 Edge Transport servers as running pre SP3 and fails, even though the Edge Transport servers have all been updated to SP3.

Cause: Edge Transport servers only update information in AD when the edge subscription is created.

Resolution: Redo the edge subscription between Edge Transport and Hub Transport servers to update AD.


Issue: You disable a user’s access to OWA using Set-CASMailbox <Identity> -OWAEnabled $False, but the user still has access to OWA.

Cause: Bug, oops, or other foul-up.

Resolution: Stand by for either a hotfix, or CU2 as at the moment, there is no resolution other than to disable the user’s account. If they have a mailbox, this probably isn’t a real workaround.


Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

1 Comment

  1. Gregory · May 2, 2013

    Now I know why I’ve been having problems running PowerShell scripts! All the while, I thought I did something that caused the problems. I couldn’t understand why it wasn’t running when I did exactly as instructed. I’ve been trying, for days now, to find ways to correct things; but all without success mainly because I was looking at the wrong reason. I (belatedly, I know) found this post and voila, I’ve the answer! I’ve just followed your instructions and updated GPO. I know things will be better after this. I guess I’m not really that familiar yet with Exchange 2013.

Leave A Reply