An exception ocurred while setting shared config DC

So there I was, embarking on a new project to move a customer to Office 365 and Exchange Online. Thinking that I could jump start things with the simple task to install Exchange 2013 CU15 to act as a hybrid server (yes, I know, there is no such role but you know what I mean). Kicking off setup.exe expecting nothing special … BANG! Red, error, setup failed! Whaaaat??!!

The error message was “An exception ocurred while setting shared config DC”. Huh? What does that mean? Google to the rescue. Most blog post seemed to indicate issues with disabled IPv6 but I never disable IPv6 so this wasn’t my issue. Googling along. Found  some tech forum replies talking about strange behaviour with Exchange AD Topology Service and the proccess of locating/selecting Domain Controllers. Found a KB-article from Microsoft providing information and a workaround: Exchange 2013 CU6 and later uses out-of-site domain controllers and global catalog servers I tried this, but to no avail. This wasn’t my issue either. Now what?

I kept on googling and reading through a lot of TechNet forum posts. After an hour or so, I stumbled upon this reply here: https://social.technet.microsoft.com/Forums/office/en-US/bb08b38e-a0b5-436d-83ac-a76d7960d87c/exchange-2013-sp1-installation-fails-at-transport-service-97?forum=exchangesvrdeploy

I got to Microsoft Support and here’s what we found:

During the AD Prep stage one of the permissions that is set in the default domain controllers group policy was not transferred to the custom domain controllers policy.  Support found a plethora of Event 2112 in Windows Event Viewer that pointed to the permission.  Fixed that and Exchange installed just fine.

Going into Event Viewer > Application Log and sure enough …

ad_error

Opening the Group Policy Management console and looking at the Domain Controllers node, I found this:

policy_order

Interesting. Maybe we’re onto something here … Comparing the two GPOs revealed one crucial difference:

policy_settings_1

Specifically the User Right called “Manage auditing and security log” was missing the security group called “<domain>\Exchange Servers” on the custom GPO with Link Order 1, thus taking precedence over the regular “Default Domain Controller Policy” that actually had this user right assingment set.

Solution: Added the group “<domain>\Exchange Servers” to the user right assignment “Manage auditing and security log” on the custom GPO with the higher Link Order (precedence) and Exchange installed just fine after performing GPUpdate on the Domain Controllers.

 

Advertisements
This entry was posted in Exchange - Hybrid, Exchange - On-Premises. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s