I'm setting up a Hyperledger Fabric network and running my orderer using Docker Compose. The configtxgen tool successfully creates the configuration (Writing new channel tx), but when I start the orderer, I get this error:
```
[orderer.common.server] loadLocalMSP -> Failed to setup local msp with config: administrators must be declared when no admin ou classification is set
```
My Setup

Docker Compose Orderer Definition:

```yaml
orderer.example:
  container_name: orderer.example
  image: hyperledger/fabric-orderer:latest
  environment:
    - FABRIC_LOGGING_SPEC=INFO
    - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
    - ORDERER_GENERAL_LISTENPORT=7050
    - ORDERER_GENERAL_GENESISMETHOD=file
    - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
    - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
    - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
    - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example:9443
    # enabled TLS
    - ORDERER_GENERAL_TLS_ENABLED=true
    - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
    - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
    - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
    - ORDERER_KAFKA_VERBOSE=true
    - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
    - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
    - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
  working_dir: /opt/gopath/src/github/hyperledger/fabric
  command: orderer
  volumes:
    - $PWD/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ./anizations/ordererOrganizations/example/orderers/orderer.example/msp:/var/hyperledger/orderer/msp
    - ./anizations/ordererOrganizations/example/orderers/orderer.example/tls/:/var/hyperledger/orderer/tls
    - orderer.example:/var/hyperledger/production/orderer
  ports:
    - 7050:7050
    - 9443:9443
```
configtx.yaml:

```yaml
Organizations:
  - &OrdererOrg
    Name: OrdererOrg
    ID: OrdererMSP
    MSPDir: ../anizations/ordererOrganizations/example/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('OrdererMSP.admin')"
  - &Org1
    Name: Org1MSP
    ID: Org1MSP
    MSPDir: ../anizations/peerOrganizations/1.example/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org1MSP.admin')"
    AnchorPeers:
      - Host: peer01.example
        Port: 7051
      - Host: peer11.example
        Port: 8051

Capabilities:
  Channel: &ChannelCapabilities
    V2_0: true
  Orderer: &OrdererCapabilities
    V2_0: true
  Application: &ApplicationCapabilities
    V2_0: true

Application: &ApplicationDefaults
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    LifecycleEndorsement:
      Type: ImplicitMeta
      Rule: "MAJORITY Endorsement"
    Endorsement:
      Type: ImplicitMeta
      Rule: "MAJORITY Endorsement"

Orderer: &OrdererDefaults
  OrdererType: etcdraft
  Addresses:
    - orderer.example:7050
  BatchTimeout: 2s
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 99 MB
    PreferredMaxBytes: 512 KB
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"
  EtcdRaft:
    Consenters:
      - Host: orderer.example
        Port: 7050
        ClientTLSCert: ../anizations/ordererOrganizations/example/orderers/orderer.example/tls/signcerts/cert.pem
        ServerTLSCert: ../anizations/ordererOrganizations/example/orderers/orderer.example/tls/signcerts/cert.pem

Profiles:
  SampleSingleMSPChannel:
    Consortium: SampleConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *Org1
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *OrdererOrg
    Consortiums:
      SampleConsortium:
        Organizations:
          - *Org1
    Policies:
      Readers:
        Type: ImplicitMeta
        Rule: "ANY Readers"
      Writers:
        Type: ImplicitMeta
        Rule: "ANY Writers"
      Admins:
        Type: ImplicitMeta
        Rule: "MAJORITY Admins"
```
What I Tried

- Verified that configtxgen successfully created the configuration.
- Checked that MSPDir for OrdererMSP is correctly pointing to the generated MSP directory.
- Ensured that AdminOU is not explicitly required.

Possible Cause

It seems like the orderer's local MSP (OrdererMSP) does not have an admincerts folder or is missing required admin certificates. I suspect this might be due to Fabric CA not correctly generating and placing admin certificates inside the MSP structure.

Question

How can I properly configure my orderer's MSP to resolve this issue? Do I need to manually copy admincerts into the MSP directory, or is there another recommended way to set this up?
Any insights would be greatly appreciated!
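
Fabric raises the error quoted above when the local MSP declares no administrators through either of the two supported routes: a certificate in `admincerts/`, or NodeOUs enabled with an `AdminOUIdentifier` in the MSP's `config.yaml`. As an added example (not part of the original post and not Fabric project code), this shell function checks an MSP directory for either route. The directory names and sample files are constructed, and the `config.yaml` check is a text match rather than a YAML parse.

```shell
#!/bin/sh
# Added example: text-level check of a Fabric MSP directory for the two ways
# administrators can be declared. It does not parse YAML or validate certs.
# check_msp_admins DIR -> prints a verdict; returns 0 if admins are declared.
check_msp_admins() {
    msp=$1
    [ -d "$msp" ] || { echo "$msp: not a directory"; return 2; }
    # Route 1: at least one file in admincerts/.
    if [ -n "$(find "$msp/admincerts" -type f 2>/dev/null | head -n 1)" ]; then
        echo "$msp: ok (admincerts present)"; return 0
    fi
    # Route 2: NodeOUs enabled and an admin OU classification in config.yaml.
    cfg=$msp/config.yaml
    if [ -f "$cfg" ] &&
       grep -Eq '^[[:space:]]*Enable:[[:space:]]*true' "$cfg" &&
       grep -Eq '^[[:space:]]*AdminOUIdentifier:' "$cfg"; then
        echo "$msp: ok (NodeOUs with AdminOUIdentifier)"; return 0
    fi
    echo "$msp: FAIL (no admincerts and no admin OU classification)"; return 1
}

# make_sample_msps ROOT -> builds four constructed MSP directories under ROOT.
make_sample_msps() {
    root=$1
    mkdir -p "$root/bare/signcerts" "$root/certs/admincerts" "$root/ous" "$root/ous_noadmin"
    : > "$root/certs/admincerts/admin-cert.pem"   # placeholder, not a real cert
    cat > "$root/ous/config.yaml" <<'EOF'
NodeOUs:
  Enable: true
  AdminOUIdentifier:
    Certificate: cacerts/ca.pem
    OrganizationalUnitIdentifier: admin
EOF
    cat > "$root/ous_noadmin/config.yaml" <<'EOF'
NodeOUs:
  Enable: true
  OrdererOUIdentifier:
    Certificate: cacerts/ca.pem
    OrganizationalUnitIdentifier: orderer
EOF
}

demo_root=$(mktemp -d)
make_sample_msps "$demo_root"
for name in bare certs ous ous_noadmin; do
    check_msp_admins "$demo_root/$name" || true
done
rm -rf "$demo_root"
```

Run against the directory mounted at `ORDERER_GENERAL_LOCALMSPDIR`, a `FAIL` verdict corresponds to the startup error; the `ous_noadmin` case shows that enabling NodeOUs alone is not enough without an admin OU entry.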