In your Exchange 2016 environment, you might have noticed that you are getting a lot of errors logged in the application log regarding PowerShell.exe, here is the error message:
Event 4127, MSExchange ADAccess
Process powershell.exe (PID=11952). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. —> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’. Error details: Access is denied.. —> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
The error in my opinion seems to be a bit misleading as the following checks were performed:
- Running DCDiag to verify replication is fine across domain controllers
- Checking that you can access Exchange EAC and each of it’s components.
- Rebooting the server.
- Restarting the Topology Service.
The Solution here seems to re-create the PowerShell Virtual Directories on the server and doing a reboot. Event ID 4127 should stop logging.
To re-create the Virtual Directories for PowerShell you can run the following commands:
Delete the current PowerShell Virtual Directory
- Get-PowerShellVirtualDirectory -Server <Server>| Remove-PowerShellVirtualDirectory
Re-Create the PowerShell Virtual Directory
- New-PowerShellVirtualDirectory -Server <Server> -Name Powershell -RequireSSL $false -BasicAuthentication $false -WindowsAuthentication $false -InternalUrl http://<server.fqdn>/powershell
Hope it helps.