Exchange 2010 Error – Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=8000). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)…


I was asked to troubleshoot an issue at a customer site where the Exchange 2010 servers stopped working. As usual, everything was working fine the previous evening!

The servers were throwing the following error message.

Topology Error

Source: MSExchange ADAccess
Event ID: 2114
Task Category: Topology
Level: Error
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=8000). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, “Microsoft LDAP Error Codes.” Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

The KB article mentioned gave outdated information (applicable to Windows 2000) and proved useless.

An information entry was logged in the event viewer just before the error.

Information

Event Type:      Information
Event Source:      MSExchange ADAccess
Event Category:      Topology
Event ID:      2080
User:            N/A
Computer:      
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=8000). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
DC1.FQDN      CDG 1 7 7 1 0 0 1 7 1
DC2.FQDN      CDG 1 7 7 1 0 0 1 7 1

As the SACL right was showing as zero, I quickly figured out that the Exchange servers did not have the correct permissions to access the domain controllers.

Exchange does not use any domain controller on which it does not have permission to read the SACL on the nTSecurityDescriptor attribute. You must have at least one server that satisfies each role (C, D, or G) and that shows 1 in the SACL right column.
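The check described above can be scripted. The following is an added example, not code from the original post: it parses the event 2080 description into one object per domain controller and reports, for each role, whether any server shows 1 in the SACL right column. The function names are hypothetical, PowerShell 3.0 or later is assumed, and the "Out-of-site:" label and the "-" role placeholder are assumptions about the event format that the post does not show.

```powershell
# Sample input: the event 2080 description quoted in this post (not live data).
$description = @'
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=8000). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
DC1.FQDN      CDG 1 7 7 1 0 0 1 7 1
DC2.FQDN      CDG 1 7 7 1 0 0 1 7 1
'@

# Hypothetical helper: turn the description text into one object per domain controller.
function Get-Event2080Topology {
    param([string]$Description)
    # Column order after the server name, taken from the event's own header line.
    $columns = 'Roles', 'Enabled', 'Reachability', 'Synchronized', 'GCCapable',
               'PDC', 'SaclRight', 'CriticalData', 'Netlogon', 'OSVersion'
    $scope = $null
    foreach ($line in ($Description -split '\r?\n')) {
        $line = $line.Trim()
        # Assumption: rows outside the local site follow an "Out-of-site:" label.
        if ($line -match '^(In-site|Out-of-site):$') { $scope = $Matches[1]; continue }
        $fields = $line -split '\s+'
        # A data row is a server name plus ten fields; roles are C, D, G
        # (assumption: "-" stands in for a role the server does not hold).
        if (-not $scope -or $fields.Count -ne 11 -or $fields[1] -notmatch '^[CDG-]+$') { continue }
        $row = [ordered]@{ Scope = $scope; Server = $fields[0] }
        for ($i = 0; $i -lt $columns.Count; $i++) { $row[$columns[$i]] = $fields[$i + 1] }
        [pscustomobject]$row
    }
}

# Hypothetical helper: for each role, list the DCs that show 1 in the SACL right column.
function Test-SaclCoverage {
    param([object[]]$Topology = @())
    $usable = @($Topology | Where-Object { $_.SaclRight -eq '1' })
    foreach ($role in 'C', 'D', 'G') {
        $holders = @($usable | Where-Object { $_.Roles -like "*$role*" })
        [pscustomobject]@{
            Role          = $role
            UsableServers = ($holders | ForEach-Object { $_.Server }) -join ', '
            Satisfied     = $holders.Count -gt 0
        }
    }
}

$topology = Get-Event2080Topology -Description $description
# Domain controllers that Exchange will not use because the SACL right is not 1.
$topology | Where-Object { $_.SaclRight -ne '1' } | Format-Table Server, Roles, SaclRight
# One row per role; Satisfied is False when no DC for that role has the SACL right.
Test-SaclCoverage -Topology $topology | Format-Table -AutoSize
```

To run it against a live server, replace `$description` with the `Message` property of the latest event returned by `Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchange ADAccess'; Id = 2080 } -MaxEvents 1`.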

I quickly checked the "Default Domain Controllers Policy" to see whether the Exchange servers had permissions on "Manage Auditing and Security" under User Rights Assignment, and that was fine.


I checked the NIC settings to see whether IPv6 was disabled and it was. I checked the registry to see whether it was fully disabled and it wasn’t. Hence I enabled IPv6 to be on the safe side. But, that didn’t fix the issue.

After looking around for a while, I found the cause of the issue. Someone had actually removed all Exchange servers from the default "Exchange Servers" group as part of an AD "cleanup" process. Luckily, the group was still there. I added all the Exchange servers to the group and rebooted them to pick up the changes immediately.

Everything started working once the servers were back online!


11 thoughts on “Exchange 2010 Error – Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=8000). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)…”

  1. GREAT POST! I had one of the guys on my team P2V a CAS\HUB then delete it out of AD. Can you say NIGHTMARE? This saved me a lot of stress (well after I started google’n). All about permissions.

  2. You are my hero Rajith… Been busy for hours with all TechNET/MSDN, ExpertsExchange etc website solutions involving creating new topology structures, NTDSUtil, NTDSEdit etc etc, None worked.

    Then tried your ‘easy’ solution – only adding the server to the Exchange Servers Group, rebooted the server (for the tenth time this evening already) and it worked!!! (Don’t know why it was removed though).

  3. You saved my day! After putting a new Exchange 2010 Server to our organization (only one Ex 2003 server) without problems, almost all Exchange services at the new server refused to start after the first reboot. I was struggling for 3 days…
    It turned out that the issue described above within the default domain controllers policy was the problem. The old Exchange server was a member of the security group ‘Exchange Domain Servers’, while the new Exchange server was a member of the security group ‘Exchange Server’ – that one didn’t have the appropriate permission.

  4. The policy was my problem. The Exchange Server group wasn't in the policy. Thanks for the solution.

    Microsoft should include this as part of the ExBPA.

    Carlos Márquez

  5. We have the same problem!

    Sadly the servers were in the group still.

    Re-running setup /PrepareAD resolved the problem for a while but it has returned! (within hours)

    Any ideas?
