In your Exchange 2016 environment, you might have noticed a lot of errors being logged in the Application log regarding PowerShell.exe. Here is the error message:

Event 4127, MSExchange ADAccess

Process powershell.exe (PID=11952). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. —> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’. Error details: Access is denied.. —> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

The error in my opinion seems to be a bit misleading as the following checks were performed:

  • Running DCDiag to verify replication is fine across domain controllers
  • Checking that you can access Exchange EAC and each of its components.
  • Rebooting the server.
  • Restarting the Topology Service.

The solution here seems to be to re-create the PowerShell virtual directories on the server and then reboot. Event ID 4127 should stop logging.

To re-create the Virtual Directories for PowerShell you can run the following commands:

Delete the current PowerShell Virtual Directory

  • Get-PowerShellVirtualDirectory -Server <Server> | Remove-PowerShellVirtualDirectory

Re-Create the PowerShell Virtual Directory

  • New-PowerShellVirtualDirectory -Server <Server> -Name Powershell -RequireSSL $false -BasicAuthentication $false -WindowsAuthentication $false -InternalUrl http://<server.fqdn>/powershell
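The two steps above as one script, with a copy of the old settings saved before the delete and an event-log check for after the reboot. This is an added example, not part of the original post: the function names, the backup path and the 24-hour baseline window are assumptions, and it assumes an Exchange Management Shell session that stays usable while the virtual directory is absent (for example one connected to another Exchange server).

```powershell
# Added example; not from the original post. Replace both placeholders.
$Server = '<Server>'
$Fqdn   = '<server.fqdn>'
$Backup = Join-Path $env:TEMP 'PowerShellVdir-before.xml'   # assumed backup location

function Get-Event4127 {
    # Event 4127 entries from MSExchange ADAccess on $Server since $Since.
    param([Parameter(Mandatory)][datetime]$Since)
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MSExchange ADAccess'
        Id           = 4127
        StartTime    = $Since
    }
    # Get-WinEvent raises an error when nothing matches; suppress it so "none" is just empty.
    Get-WinEvent -ComputerName $Server -FilterHashtable $filter -ErrorAction SilentlyContinue
}

function Reset-PowerShellVdir {
    # Baseline: how noisy was the log over the last 24 hours (assumed window)?
    $before = @(Get-Event4127 -Since (Get-Date).AddHours(-24)).Count
    Write-Host "Event 4127 entries in the last 24h: $before"

    # Keep a copy of the current settings so they can be compared afterwards.
    $old = Get-PowerShellVirtualDirectory -Server $Server
    $old | Export-Clixml -Path $Backup
    $old | Format-List Name, InternalUrl, ExternalUrl, RequireSSL, *Authentication | Out-Host

    # The two steps from the post.
    $old | Remove-PowerShellVirtualDirectory -Confirm:$false
    New-PowerShellVirtualDirectory -Server $Server -Name Powershell -RequireSSL $false `
        -BasicAuthentication $false -WindowsAuthentication $false `
        -InternalUrl "http://$Fqdn/powershell"
}

function Test-Event4127Cleared {
    # Run after the reboot: count entries logged since the server last started.
    $boot  = (Get-CimInstance Win32_OperatingSystem -ComputerName $Server).LastBootUpTime
    $after = @(Get-Event4127 -Since $boot).Count
    Write-Host "Event 4127 entries since boot ($boot): $after"
    $after -eq 0
}
```

Run `Reset-PowerShellVdir`, reboot the server, then load the script again in a new session and run `Test-Event4127Cleared`; it returns `$true` when no new 4127 events have been logged since startup.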

Hope it helps.
