Problems installing KB974431 on Windows 2008 R2

I recently built a new Windows 2008 R2 server. typical setup. Once everything was configured, I decided to do a Windows Update, as you do. I noticed that one of the updates was taking a long time. This was update KB974431. I stopped the update and rebooted the server, on reflection, probably the wrong thing to do

When the server rebooted I could no longer add roles or features. Any type of install package (standalone or windows update) failed. The following message is logged in Event Viewer:

Faulting application name: TrustedInstaller.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc4b0
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc00000fd
Fault offset: 0x0000000000055237
Faulting process id: 0xa4c
Faulting application start time: 0x01cad7b3f2c0ddbc
Faulting application path: C:WindowsservicingTrustedInstaller.exe
Faulting module path: C:WindowsSYSTEM32ntdll.dll
Report Id: 32686db6-43a7-11df-a8a2-001143352b3e

After quite a bit of time looking through google, I came across a few pages that managed to solve the problem. It seems the problem is caused by an update failing and causing the install packages to become corrupt. I came across the following page, which had this comment:

Problem solved…

just replace package_for_kb974431_rtm~31bf3856ad364e35~amd64~~6.1.1.5.mum
file located at c:windowsservicingpackages with the same file from
functional server. Or you can have this file from update. You can download it
here http://support.microsoft.com/kb/974431/en-us/ and unpack it: Just rename
Windows6.1-KB974431-x64.msu to Windows6.1-KB974431-x64.cab … open it, open
Windows6.1-KB974431-x64.cab inside and there you will find
package_for_kb974431_rtm~31bf3856ad364e35~amd64~~6.1.1.5.mum

you will also have to take ownership over old file and also you will have to
set proper permissions on c:windowsservicingpackages folder – in order to
rename old file and copy the new one

The following website is also very useful.

Exchange 2010 with Legacy 2000 AD information

I had an interesting issue. I had an old Windows 2000 SBS server on my clients network. Been there for a long time as they needed to use the legacy application that it runs. Most services were disabled (ISA, Exchange). Problem arose as it had been disconnected from the domain for some time. This proved interesting when I tried to remove it from the domain. We had to do a adprep /forceremoval (undocumented).

Anyway, the next issue arose when the new Exchange 2010 server was being installed. We could not create mailboxes for exiting users. What gives? I thought Exchange was not being used on the old server? Seems it was, at one stage.

Ok, time to remove this.

[PS] C:Windowssystem32>get-mailbox LegacyUser

Name                      Alias                ServerName       ProhibitSendQuota
—-                           —–                ———-       —————–
Legacy User        LegacyUser           OldSBS2000       unlimited

Ok, the user still seems to be there. I managed to find a command which disables the mailbox AND removes the legacy information from Active Directory.

[PS] C:Windowssystem32>disable-mailbox LegacyUser

Confirm
Are you sure you want to perform this action?
Disabling Mailbox “LegacyUser” will remove the Exchange properties from the Windows user object and mark the mailbox in
the database for removal.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is “Y”):

If you don’t disable the user, you will get the following error:

[PS] C:Windowssystem32>remove-mailbox LegacyUser

Confirm
Are you sure you want to perform this action?
Removing the Mailbox “adeleg” will remove the Active Directory user object and mark the mailbox in the database for removal.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is “Y”):
Active Directory operation failed on LegacySBS2000.domain.local. This error is not retriable. Additional information: Acc
ess is denied.
Active directory response: 00000005: SecErr: DSID-03151D12, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo          : NotSpecified: (0:Int32) [Remove-Mailbox], ADOperationException
+ FullyQualifiedErrorId : 103F99DF,Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox

Now you can add mailboxes to these users.You can also remove this information from AD using ADSI Edit, but I STRONGLY DO NOT RECOMMEND THIS. It does work however 😉

I hope this helps someone out there.