Remove From My Forums

Event 4127 MSExchange ADAccess

Pertanyaan
0

Masuk untuk Memilih
Добрый день.

На одном из 2-х серверов Exchange появляется эта ошибка.

Почитал вот это: https://social.technet.microsoft.com/Forums/en-US/cacf7b98-50a9-4c3f-ba01-f061b7d9442c/exchange-2016-event-error-4127-msexchange-adaccess?forum=Exch2016GD

и вот это: https://social.technet.microsoft.com/wiki/contents/articles/51374.exchange-2016-troubleshooting-event-id-4127.aspx

С репликацие в домене всё ок (по крайненй мере DCDiag ошибок не показывает) пересоздание директории Powershell не помогает.

Собственно текст ошибки:
Log Name: Application
Source: MSExchange ADAccess
Date: 17-Sep-19 17:38:52
Event ID: 4127
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER01.domain.local
Description:
Process powershell.exe (PID=31640). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. ---> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass33_0.<InternalServiceProviderGetServersForRole>b__0(IPooledServiceProxy`1 proxy)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainer(String partitionFqdn, String domainController, NetworkCredential credential)
at Microsoft.Exchange.Data.Directory.SystemConfiguration.ConfigurationSettings.ADConfigDriver.<>c__DisplayClass16_0.<LoadSettings>b__0()
at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
--- End of inner exception stack trace ---. Unable to load application settings. Exception: '%4'
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchange ADAccess" />
<EventID Qualifiers="49152">4127</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-09-17T14:38:52.321071200Z" />
<EventRecordID>2958977</EventRecordID>
<Channel>Application</Channel>
<Computer>EXTRA01.device.local</Computer>
<Security />
</System>
<EventData>
<Data>powershell.exe</Data>
<Data>31640</Data>
<Data>Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. ---> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass33_0.<InternalServiceProviderGetServersForRole>b__0(IPooledServiceProxy`1 proxy)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainer(String partitionFqdn, String domainController, NetworkCredential credential)
at Microsoft.Exchange.Data.Directory.SystemConfiguration.ConfigurationSettings.ADConfigDriver.<>c__DisplayClass16_0.<LoadSettings>b__0()
at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
--- End of inner exception stack trace ---</Data>
</EventData>
</Event>
- Diedit oleh Serga612 Selasa, 17 September 2019 14.57 Опечатка
Selasa, 17 September 2019 14.57

Balas

|

Kutip

Jawaban

2

Masuk untuk Memilih
Возможно проблема не в виртуальной дериктории.

Проверьте доменные контроллеры.

Пример.

1. Создайте директорию c:\DCdiag или укажите другую

2. CMD Run as Administrator

dcdiag /c /v /de /f:c:\DCdiag\dcdiag_test2019.txt

MCITP, MCSE. Regards, Oleg
- Diedit oleh Oleg.KovalenkoModerator Selasa, 01 Oktober 2019 17.21
- Ditandai sebagai Jawaban oleh Vasilev VasilMicrosoft contingent staff, Moderator Rabu, 06 November 2019 11.27
Selasa, 01 Oktober 2019 17.17

Balas

|

Kutip

Moderator

Semua Balasan

0

Masuk untuk Memilih

День добрый.

Возможно это есть ваша ошибка.

Exchange 2016 Troubleshooting: Event ID 4127
MCITP, MCSE. Regards, Oleg

Selasa, 17 September 2019 20.34

Balas

|

Kutip

Moderator
0

Masuk untuk Memilih

Увы, не помогло.

С этой ссылки мой пост-жалоба и начинается - я её нашёл сам, попробовал и мне не помогло :-(

Jumat, 20 September 2019 14.25

Balas

|

Kutip
0

Masuk untuk Memilih

Посмотрите подобное обсуждение. Надеюсь поможет и Вам:

https://www.experts-exchange.com/questions/29106809/Exchange-2016-Event-4127-Cannot-run-certain-commandsin-EMS-Error-403.html
Мнения, высказанные здесь, являются отражением моих личных взглядов, а не позиции корпорации Microsoft. Вся информация предоставляется "как есть" без каких-либо гарантий.

Rabu, 25 September 2019 07.11

Balas

|

Kutip

Moderator
0

Masuk untuk Memilih

Как-то там дороговато - если получится оформить триал, посмотрю.

Rabu, 25 September 2019 09.25

Balas

|

Kutip
0

Masuk untuk Memilih

Как-то там дороговато - если получится оформить триал, посмотрю.

Странно, у меня без авторизации видно.

Цитирую Вам историю переписки топика и то как решил проблему топикпастер.

Sunil

have you tried this..

https://support.microsoft.com/en-in/help/2276957/http-status-code-of-403-error-when-you-start-exchange-management-shell

Ответ

Thomas

Yes tried that no luck

after further checking I found that the powershell virtual directory was missing from the default web site in IIS.

With all the trouble of the process that was given by MS the first command removes that folder.
Get-PowerShellVirtualDirectory -Server <Server>| Remove-PowerShellVirtualDirectory

Then the second command is suppose to recreate it.
New-PowerShellVirtualDirectory -Server <Server> -Name Powershell -RequireSSL $false -BasicAuthentication $false -WindowsAuthentication $false -InternalUrl http://<server.fqdn>/powershell

But EMS needs remote power shelling to work which I find very strange that they would require this especially since I am on the server with the problem

So the trick I found on my own was to go to the other DAG and run the second command. So I thought.
I did that a few days ago and I still had the problem
It want until I saw the article you posted early this week that lead me to the problem
I compared both DAG's IIS and I also went to Exchange Admin Center and found the virtual directory was missing.
So late last night after I posted this I said what the heck Let me try running the second command again on DAG 2
And to my surprise it worked the powershell virtual directory appeared and all starting working again.

Hope this helps someone else along the line

Мнения, высказанные здесь, являются отражением моих личных взглядов, а не позиции корпорации Microsoft. Вся информация предоставляется "как есть" без каких-либо гарантий.

Rabu, 25 September 2019 10.09

Balas

|

Kutip

Moderator
0

Masuk untuk Memilih

В итоге этот совет также сводится к пересозданию виртуальной директории PowerShell - странно, что это помогает всем, кроме меня, похоже.

Следующий этап, очевидно - пересоздание всего сервера, но это довольно тяжело физически - огромные базы, нехватка дискового пространства... Надо планировать всё очень тщательно будет.

Senin, 30 September 2019 08.37

Balas

|

Kutip
2

Masuk untuk Memilih
Возможно проблема не в виртуальной дериктории.

Проверьте доменные контроллеры.

Пример.

1. Создайте директорию c:\DCdiag или укажите другую

2. CMD Run as Administrator

dcdiag /c /v /de /f:c:\DCdiag\dcdiag_test2019.txt

MCITP, MCSE. Regards, Oleg
- Diedit oleh Oleg.KovalenkoModerator Selasa, 01 Oktober 2019 17.21
- Ditandai sebagai Jawaban oleh Vasilev VasilMicrosoft contingent staff, Moderator Rabu, 06 November 2019 11.27
Selasa, 01 Oktober 2019 17.17

Balas

|

Kutip

Moderator
0

Masuk untuk Memilih

Спасибо за совет, изучаю лог.

Jumat, 04 Oktober 2019 16.00

Balas

|

Kutip
0

Masuk untuk Memilih

Ключа /de в моей версии не существуе, я подумал что это описка и ключ /е имеется в виду.

Получилось очень много данных.

Jumat, 04 Oktober 2019 16.01

Balas

|

Kutip

Produk

Resources

Solutions

Pembaruan

Evaluasi

Situs Terkait

Pelatihan

Sertifikasi

Sumber daya lainnya

Dukungan produk

Dukungan lainnya

Bukan profesional TI?

Penjawab teratas

Event 4127 MSExchange ADAccess

Pertanyaan

Jawaban

Semua Balasan