Exchange 07: Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)

Hello World,

Today, I want to blog about a small issue I’ve encounter during the setup of an Exchange 2007 SP2 server.  In this project, the Exchange infrastructure was centrally managed and the local site (where i was working) would have the necessary rights to perform the installation and management of the Exchange Server.

After checking that the Exchange server was provisioned correctly, I decided to start the setup routine from a command line.  After some times, I’ve received this kind of error(see screenshot below) :

The Service MSExchangeTransport failed to reach status “Running” on this server.

If you look in the Event viewer, you will might see an event error id 2214 and a message similar to the following screen

I’ve googled a little bit and found this link.  The workaround proposed was to add the Exchange Server to the Domain admins group. This was not an option for me because the Infrastructure was centrally managed and that was not allowed (for security reasons) to add the computer account to this group. I thought that maybe some rights were missing. So, i decided to use the policytest.exe tool to validate the configuration of the Exchange infrastructure. This utility is included in the Exchange installation CD and can verify if the Manage auditing and Security Log rights has been granted to your Exchange Server (through the Default Domain Controller Policy) .

The result of the policytest.exe tool clearly returned that the Exchange server was not having all the necessary rights needed to perform the installation.

Obviously, something was missing. It turns out that indeed the Exchange Server group didn’t have (anymore) the SeSecurityPrivilege right.  We fixed the problem by updating the Default Domain controller policy and granting the Exchange Servers group the Manage auditing and Security log right. We checked also that the Exchange Server was a member of the Exchange Servers Group.  After granting this right to the server, everything was working as expected.

This link provide as workaround the addition of the exchange Computer account to the Domain Admins Group.  This workaround is working probably because by default the only group having the SeSecurityPrivilege is the Built-in Administrators group.  Domain Admins groups are normally also member of the Administrators group.  So, If you encountered or have encounter the issue, you might want to check the rights and remove the Exchange server account from the Domain Admins Group.

Note 1 :  Running the /prepareDomain switch during your Exchange 2007 Setup should update the Default Domain Controller Policy and grant the necessary rights the The Exchange servers Groups

Note 2 :  Some people have reported a similar error that might have been caused by the removal of the IPv6 protocol.  See here (even if the article is targeted to SBS).  If you encounter a similar error message and you have remove the IPv6 stack, you have 2 options re-enable the IPv6 stack or use a specific procedure to remove the IPv6 from your Windows 2008 Server

That’s it for this post

Till next time

See ya

4 thoughts on “Exchange 07: Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)

  1. Thanks a ton. Your suggestion to add computer into the Enterprise exchange servers group worked perfectly! After hours of slamming my head with my server, you are really a life saver

  2. Thank you greatly for posting this information. Myself and a team of other Admins have been hardening our network and system infrastructure and ended up revoking [Manage auditing and Security log] rights from our Exchange servers group. Consequently we spent several hours chasing our tails and asking ourselves the same silly questions on what IPv6 had to do with it and what rights needed to be permitted since giving full Domain Admin rights wasn’t an option. Finally I stumbled upon your blog and within minutes the issue was resolved.

Leave a Reply