Exchange 2016 Setup: Unable to set shared config DC

While installing Exchange 2016 (CU4) in a new customer's environment, I encountered an error. The install wizard would fail at 97% on step 6 and there were errors in the setup log file.

I checked the Exchange Setup Log, and tried some troubleshooting based on this information: TechNet article, TechNet forum, Reddit.

After some digging, I found this error in Event Viewer:

Process ExSetupUI.exe (PID=5772). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). Error Details System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0484392. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout) --- End of inner exception stack trace ---

  • Added “Manage audit and security logs” permission for Exchange Servers on the Domain Controllers.
  • Fixed some issues with missing reverse DNS zones.
  • Fixed some issues with missing subnets in ADDS Sites and Services.
  • Double and triple checked my IPv6 setup.
  • Ensured the firewall was enabled.

At last I found the issue that probably broke the proverbial camel's back: No connection could be made because the target machine actively refused it 127.0.0.1:890

The local firewall blocked local traffic from 127.0.0.1 to 127.0.0.1:890!

My guess is that this is because of our strict GPOs (WS2012R2 SCM baselines and the national security authorities’ GPOs).

The solution:

  • Put all the Exchange-related Inbound FW rules in a GPO that had a higher precedence than our strict GPOs.
  • Restarted the Exchange-server-to-be.
  • Installed Exchange 2016 successfully!
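
An added example, not part of the original post: a PowerShell check for the situation described above. It shows whether anything is listening on port 890, whether a loopback connection succeeds, and which policy store (local or GPO) supplies the effective inbound rules for that port. It assumes the built-in NetSecurity and NetTCPIP cmdlets (Windows Server 2012 R2 or later), an elevated session, and the service name MSExchangeADTopology.

```powershell
# Added diagnostic sketch (not from the original post). Run elevated on the Exchange server.
$port = 890   # Topology service endpoint named in the event log entry

# 1. Is the topology service running, and is anything listening on the port?
#    (Service name MSExchangeADTopology is an assumption of this example.)
Get-Service -Name MSExchangeADTopology -ErrorAction SilentlyContinue |
    Select-Object Name, Status
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Does a loopback connection to the port succeed?
$probe = Test-NetConnection -ComputerName 127.0.0.1 -Port $port -WarningAction SilentlyContinue
"Loopback connect to port ${port}: $($probe.TcpTestSucceeded)"

# 3. Effective profile settings after GPO merge. AllowLocalFirewallRules = False
#    means rules created locally (for example by an installer) are ignored.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules

# 4. Enabled inbound TCP rules in the effective policy that cover the port,
#    with the store each one came from (local store vs. a named GPO).
#    Port ranges such as "800-900" are not expanded in this sketch.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $portMatch = ($filter.LocalPort -contains "$port") -or ($filter.LocalPort -contains 'Any')
        if ($filter.Protocol -in 'TCP', 'Any' -and $portMatch) {
            [pscustomobject]@{
                Rule       = $_.DisplayName
                Action     = $_.Action
                LocalPort  = $filter.LocalPort -join ','
                SourceType = $_.PolicyStoreSourceType   # Local, GroupPolicy, ...
                Source     = $_.PolicyStoreSource       # GPO name when SourceType is GroupPolicy
            }
        }
    } | Format-Table -AutoSize
```

If step 4 returns no Allow rule for the port and step 3 shows AllowLocalFirewallRules as False, the locally created Exchange rules are not taking effect and need to be delivered through a GPO, as in the solution above.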