On Friday, I set myself up for the hat trick: I was going to upgrade my primary desktop to Mac OS 10.5, my work laptop to Vista SP1, and my home Exchange server to 2007 SP1. I only got one of the three done because I ended up busy with actual, y’know, work— my Exchange box was the only one I got around to. However, during the upgrade, I faced an annoying problem: the Exchange setup utility failed when it tried to upgrade the UM service.
I checked the event log and found that the UM service was failing with event ID 1183. As far as I can tell, that’s a totally undocumented error. It turns out that, when the UM service attempted to issue itself a new self-signed certificate, the service was throwing an error and crashing with an unhandled exception. Because the UM service wouldn’t start, Exchange Setup (quite sensibly, IMHO) wouldn’t continue.
The fix ended up being to restore the correct permissions on c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys. This is the location of the computer account’s personal certificate store, and for some reason, the permissions on it were incorrect. Adding NETWORK SERVICE:F and Domain Admins:F back to the ACL fixed the problem and allowed the setup utility to finish its work. (The longer-term fix comes in two parts: fix New-ExchangeCertificate so it doesn’t fail with an unhandled exception in that case, and then figure out who borked the permissions on that folder.)
What about the Leopard and Vista upgrades? Hey, tomorrow’s another day!