none
Exchange 2016 Event Error 4127, MSExchange ADAccess RRS feed

  • Question

  • I am seeing multiple instances of the error below. I have tested connectivity to the domain controllers by running the dcdiag test and all seems to be fine. Can someone please assist with this

    Event 4127, MSExchange ADAccess

    Process powershell.exe (PID=30152). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. ---> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

    Server stack trace: 
       at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
       at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass13.<InternalServiceProviderGetServersForRole>b__12(IPooledServiceProxy`1 proxy)
       at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
       at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
       at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
       at Microsoft.Exchange.Data.Directory.ADSession.GetConfigurationNamingContext(String partitionFqdn)
       at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainer(String partitionFqdn, String domainController, NetworkCredential credential)
       at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainerId(String partitionFqdn, String domainController, NetworkCredential credential)
       at Microsoft.Exchange.Data.Directory.SystemConfiguration.ConfigurationSettings.ADConfigDriver.<>c__DisplayClass2.<LoadSettings>b__0()
       at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
       at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
       --- End of inner exception stack trace ---. Unable to load application settings. Exception: '%4'

    Tuesday, December 20, 2016 1:44 PM

Answers

  • Hi Adio,

    >>Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.

    It might be a permission issue, please confirm:
    1. Can you run EMS successfully? If so, run "Get-ExchangeServer -Status | FL *DomainController*,*GlobalCatalogs" and post the results.
    2. How about restart Microsoft Exchange Active Directory Topology services? 

    Please double check it with Exchange administrator.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 21, 2016 10:00 AM
    Moderator

All replies

  • Hi Adio,

    >>Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.

    It might be a permission issue, please confirm:
    1. Can you run EMS successfully? If so, run "Get-ExchangeServer -Status | FL *DomainController*,*GlobalCatalogs" and post the results.
    2. How about restart Microsoft Exchange Active Directory Topology services? 

    Please double check it with Exchange administrator.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 21, 2016 10:00 AM
    Moderator
  • So after recreating the virtual directory for powershell and restarting the Microsoft Exchange Active Directory Topology services, this issue seems to have been resolved. Thanks for the assistance here.
    Thursday, December 22, 2016 2:00 PM
  • Hello Adio,

    Glad it solved and thank you for your sharing.
    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 23, 2016 1:11 AM
    Moderator
  • Hi Adio,

    I am getting same error on Exchange 2016. The virtual directory for powershell is currently set to http://[server-fqdn]/powershell. What changes did you make when you say 'recreate virtual director for powershell.

    Regards, Ahmad


    Wednesday, January 18, 2017 3:24 AM
  • Hi,

    i have the same issue on one of our four Exchnage 2016 Servers.

    you can easily recreate the Powershell virtual directory:

    delete:

    Get-PowerShellVirtualDirectory -Server <Servername>| Remove-PowerShellVirtualDirectory

    create new(check your parameters!):

    New-PowerShellVirtualDirectory -Server <servername> -Name Powershell -RequireSSL $false -BasicAuthentication $false -WindowsAuthentication $false -InternalUrl http://<server.fqdn>/powershell

    But this did not work for me. The Event shows up every 15 minutes in Eventlog. Does anyone have some other suggestions?

    Best Regards!


    • Edited by B.Sauer Friday, February 9, 2018 10:18 AM
    Friday, February 9, 2018 10:17 AM
  • Hello,

    Is there any additional information on this issue? I did a new Exchange 2016 installation to migrate from Exchange 2010 and I am getting the same error. Installation is done on CU08.

    Process powershell.exe (PID=16016). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. ---> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

    Somehow I think this is a restriction to access certain webs from localhost. I am also getting a strange Access error when I access the delivery reports in the EMC. There I found a workaround, when accessing the EMC through the full url. However in this case other things did not work.

    Philipp


    • Edited by p.hu Tuesday, February 27, 2018 9:24 AM
    Monday, February 26, 2018 2:48 PM
  • I am having the same issue with Exchange 2016 with a migration from 2013.  I receive this error almost every 5 minutes.  Has anyone found anything else that resolves this?  Or understand the cause?

    Wednesday, July 11, 2018 5:21 PM
  • Same. I've rebuilt the virtual directories and restarted and we're still getting the same error. I hate to open a premier case on this, but not finding a solution.
    Friday, August 16, 2019 1:11 PM
  • Hi smitala,

    Any news about this issue?

    I've updated to CU13 and also have the same errors in event log. Recreate powershell virtual directory did not solve the issue.

    Thanks and best,
    Role

    Thursday, September 5, 2019 6:24 AM