An exception ocurred while setting shared config DC

Posted on 14 January, 2017 by thejespernilsson

So there I was, embarking on a new project to move a customer to Office 365 and Exchange Online. Thinking that I could jump start things with the simple task to install Exchange 2013 CU15 to act as a hybrid server (yes, I know, there is no such role but you know what I mean). Kicking off setup.exe expecting nothing special … BANG! Red, error, setup failed! Whaaaat??!!

The error message was “An exception ocurred while setting shared config DC”. Huh? What does that mean? Google to the rescue. Most blog post seemed to indicate issues with disabled IPv6 but I never disable IPv6 so this wasn’t my issue. Googling along. Found  some tech forum replies talking about strange behaviour with Exchange AD Topology Service and the proccess of locating/selecting Domain Controllers. Found a KB-article from Microsoft providing information and a workaround: Exchange 2013 CU6 and later uses out-of-site domain controllers and global catalog servers I tried this, but to no avail. This wasn’t my issue either. Now what?

I kept on googling and reading through a lot of TechNet forum posts. After an hour or so, I stumbled upon this reply here: https://social.technet.microsoft.com/Forums/office/en-US/bb08b38e-a0b5-436d-83ac-a76d7960d87c/exchange-2013-sp1-installation-fails-at-transport-service-97?forum=exchangesvrdeploy

I got to Microsoft Support and here’s what we found:

During the AD Prep stage one of the permissions that is set in the default domain controllers group policy was not transferred to the custom domain controllers policy.  Support found a plethora of Event 2112 in Windows Event Viewer that pointed to the permission.  Fixed that and Exchange installed just fine.

Going into Event Viewer > Application Log and sure enough …

ad_error

Opening the Group Policy Management console and looking at the Domain Controllers node, I found this:

policy_order

Interesting. Maybe we’re onto something here … Comparing the two GPOs revealed one crucial difference:

policy_settings_1

Specifically the User Right called “Manage auditing and security log” was missing the security group called “<domain>\Exchange Servers” on the custom GPO with Link Order 1, thus taking precedence over the regular “Default Domain Controller Policy” that actually had this user right assingment set.

Solution: Added the group “<domain>\Exchange Servers” to the user right assignment “Manage auditing and security log” on the custom GPO with the higher Link Order (precedence) and Exchange installed just fine after performing GPUpdate on the Domain Controllers.

 

This entry was posted in Exchange - Hybrid, Exchange - On-Premises. Bookmark the permalink.

2 Responses to An exception ocurred while setting shared config DC

  1. Ryan says:
    18 June, 2020 at 08:00

    I feel I owe it to any other person that ran into this issue and slammed their head against the wall for hours troubleshooting, to come on here and THANK YOU for posting this. I read 5, 10, 15, 20, I don’t even know how many KB articles on the error that I was having and almost put in my 10 minute notice until I read this one last article. The error message I was receiving in my Exchange 2013 CU install was “unable to set shared config dc”. I hope this helps another person out there.

    Like

    Reply

Leave a comment