Exchange 07: Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)
Hello World,
I’ve googled a little bit and found this link. The workaround proposed was to add the Exchange Server to the Domain admins group. This was not an option for me because the Infrastructure was centrally managed and that was not allowed (for security reasons) to add the computer account to this group. I thought that maybe some rights were missing. So, i decided to use the policytest.exe tool to validate the configuration of the Exchange infrastructure. This utility is included in the Exchange installation CD and can verify if the Manage auditing and Security Log rights has been granted to your Exchange Server (through the Default Domain Controller Policy) .
Today, I want to blog about a small issue I’ve encounter during the setup of an Exchange 2007 SP2 server. In this project, the Exchange infrastructure was centrally managed and the local site (where i was working) would have the necessary rights to perform the installation and management of the Exchange Server.
After checking that the Exchange server was provisioned correctly, I decided to start the setup routine from a command line. After some times, I’ve received this kind of error(see screenshot below) :
The Service MSExchangeTransport failed to reach status “Running” on this server.
If you look in the Event viewer, you will might see an event error id 2214 and a message similar to the following screen
The result of the policytest.exe tool clearly returned that the Exchange server was not having all the necessary rights needed to perform the installation.
Obviously, something was missing. It turns out that indeed the Exchange Server group didn’t have (anymore) the SeSecurityPrivilege right. We fixed the problem by updating the Default Domain controller policy and granting the Exchange Servers group the Manage auditing and Security log right. We checked also that the Exchange Server was a member of the Exchange Servers Group. After granting this right to the server, everything was working as expected.
This link provide as workaround the addition of the exchange Computer account to the Domain Admins Group. This workaround is working probably because by default the only group having the SeSecurityPrivilege is the Built-in Administrators group. Domain Admins groups are normally also member of the Administrators group. So, If you encountered or have encounter the issue, you might want to check the rights and remove the Exchange server account from the Domain Admins Group.
Note 1 : Running the /prepareDomain switch during your Exchange 2007 Setup should update the Default Domain Controller Policy and grant the necessary rights the The Exchange servers Groups
Note 2 : Some people have reported a similar error that might have been caused by the removal of the IPv6 protocol. See here (even if the article is targeted to SBS). If you encounter a similar error message and you have remove the IPv6 stack, you have 2 options re-enable the IPv6 stack or use a specific procedure to remove the IPv6 from your Windows 2008 Server
No comments:
Post a Comment