When you try to install Microsoft Office Live Communications Server 2003, you receive one of the following error messages: -or-When you click OK, the installation is rolled back, and Live Communications Server 2003 is not installed.

This behavior occurs if one of the following conditions exists:

• The RTCDomainServerAdmins security group does not have the correct permissions to read objects in the forest root of the Active Directory directory service.
• You are logged on to the server with a user account that is not a member of the Domain Admins security group.
• You are logged on to the server with a user account that is not a member of the RTCDomainServerAdmins security group.

Note This issue will also occur if your user account is added to the RTCDomainServerAdmins security group or to the Domain Admins security group, but you do not log off and then log on to apply the new security permissions.

To resolve this issue, use one of or both of the following methods as appropriate to you situation:

Method 1: Verify the user account information

Verify all the following information for the user account that you want to use to install Live Communications Server 2003:

• The user account is a member of the RTCDomainServerAdmins security group in the domain where you are installing Live Communications Server 2003.
• The user account is a member of the Domain Admins security group in the domain where you are installing Live Communications Server 2003.
• The user account is a member of the domain that you want to install Live Communications Server 2003 in. For example, if you want to install Live Communications Server 2003 in a domain named domain-2.example.com, the user account that you use to install Live Communications Server 2003 must be a member of the domain-2.example.com domain.
• The user has logged off and then logged on to apply the new security permissions if the user was added to the RTCDomainServerAdmins security group or to the Domain Admins security group.

Method 2: Configure permissions in the forest root domain

Note When you run the following command, multiple RTC groups are explicitly added to the access control entries (ACEs) of the System and Microsoft containers in the forest root domain partition: In a forest with multiple child domains, such as 10 or more child domains, adding mutiple RTC groups may increase the size of the ACEs on the System and Microsoft containers beyond 64k. This behavior causes the ADMINSDHOLDER thread to fail when it processes these containers and logs an SDPROP 1450 error. To avoid this behavior and to minimize the ACE size, follow these steps:

1. Manually create a custom universal group in the forest root domain.
2. Manually create a custom universal group in the required RTC Admin groups from each child domain that is manually added to a custom universal group.
3. Assign a custom universal group to the System container in the forest root with the required permissions.

You can do this instead of running the rtcsrv.msi command for each child domain.

Prepare the forest root domain for the installation of Live Communications Server 2003 in a particular domain. To do this, follow these steps:

1. Log on to a domain controller in the forest root domain.
2. Run the following command from the Setup\I386\Setup folder on the Microsoft Office Live Communications Server 2003 CD (or from the location where these files are stored)
   rtcsrv.msi prep=domainadd domainname=NetbiosName
   where NetbiosName is the NetBIOS name of the domain where you want to install Live Communications Server 2003.
3. When the Live Communications Server Setup Wizard has completed successfully, click Finish.

Note To verify that the permissions have been set correctly:

1. Start Active Directory Users and Computers.
2. On the View menu, click Advanced Features.
3. Right-click the forest root domain, and then click Properties.
4. Click the Security tab, and then verify that the RTCDomainServerAdmins security group appears for the domain that you added in step 2 of Method 2.