Log: Application
Event Category : Topology
Event Source : MSExchangeDSAccess
Event Type : Error
Computer : xxxx
Description : Process (Process_Name) (Process_ID). Topology Discovery failed, error 0x80040a02.
For more information, click http://search.support.microsoft.com/search/?adv=1.
Explanation:
This problem occurs because the Exchange security groups do no have the appropriate user rights to enable the Directory Service Access (DSAccess) component to communicate with Active Directory.
Resolution:
Verify that the default domain policy or the default domain controllers policy is not blocked.
Start the Active Directory Users and Computers snap-in.
Right-click Your_Domain.Your_Root_Domain, and then click Properties.
Click the Group Policy tab.
In the Current Group Policy Object Links for Your_Domain window, click a Group Policy entry other than the Default Domain Group Policy entry.
Click Options.
Verify that the No Override: prevents other Group Policy objects from overriding policy set in this one check box is not selected. If it is selected, click to clear this check box after you make sure that the effective policy settings that you want are not changed when the default domain policy is applied.
Click OK two times.
Repeat steps for any other group policies that you have configured.
Repeat steps for any organizational unit object that is located in your environment.
Right-click Domain Controllers, and then click Properties.
In the Current Group Policy Object Links Domain Controllers window, click a Group Policy entry other than the Default Domain Controllers Group Policy entry.
Verify that the No Override: prevents other Group Policy objects from overriding policy set in this one check box is not selected. If it is selected, click to clear this check box after you make sure that the effective policy settings that you want
are not changed when the default domain controllers policy is applied.
Click OK two times.
Exit the Active Directory Users and Computers snap-in.
Wait for this change to replicate to all other domain controllers.
Use the Policytest tool (Policytest.exe) to troubleshoot permissions. Policytest.exe is located on the Exchange Server 2003 or Exchange 2000 Server CD in the Support\Utils\I386 folder. Use Policytest.exe to determine whether the Manage auditing and security logs permission for the Exchange Enterprise Servers group is missing on any of the domain controllers.
A successful result returns information that resembles the following:
Local domain is"
Note A successful result shows that the Manage auditing and security logs permission exists. You must have domain administrator rights to run Policytest.exe successfully. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
281537 (http://support.microsoft.com/kb/281537/ ) Description of the Policytest.exe utility
Reset the Exchange Enterprise Server default permissions at the domain level:
Run the setup /domainprep command from the Exchange Server 2003 or Exchange 2000 Server CD or from a network installation point. This command adds the Exchange Enterprise Servers group to the domain together with default permissions. When you run this command, the permissions are immediately added to one domain controller. The change then replicates to the other domain controllers.
Restore permissions inheritance to other organizational units. Then, wait for the domain controllers to replicate the changes throughout the domain.
Run Policytest.exe, and then note which domain controllers return the following successful result:
Right found:"SeSecurityPrivilege"
If all the domain controllers have the correct permissions, restart the Exchange services.
If no domain controllers have the appropriate permissions,
Verify the default domain controllers policy:
Start the Active Directory Users and Computers snap-in.
Right-click the Domain Controllers container, and then click Properties.
Click the Group Policy tab, and then make sure that Default Domain Controllers Policy is listed in the Current Group Policy Object Links for Your_Domain window. If it is not, click Add, click Default Domain Controllers Policy, and then click OK. Then, wait for this change to replicate to all other domain controllers.
Run the setup /domainprep command from the Exchange Server 2003 or Exchange 2000 Server CD or from a network installation point. This command adds the Exchange Enterprise Servers group to the domain together with default permissions.
Run Policytest.exe, and then note which domain controllers return the following successful result:
Right found:"SeSecurityPrivilege"
If all the domain controllers have the correct permissions, restart the Exchange services.
If some domain controllers do not have the correct permissions,
Manually add permissions to the domain controller.
The File Replication service (FRS) may not replicate the updated security policy to one or more domain controllers after you run the setup /domainprep command. If this occurs, you must manually assign the correct permissions to the Exchange Enterprise Servers group. If some or all domain controllers do not have the correct permissions, assign the Exchange Enterprise Servers group the Manage auditing and security logs permission. Then, wait for the setting to replicate to the other domain controllers.
Start the Active Directory Users and Computers snap-in.
Right-click the Domain Controllers container, and then click Properties.
Click the Group Policy tab, click Default Domain Controllers Policy in the Group Policy Object Links box, and then click Edit.
Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
In the right pane, double-click Manage auditing and security log, click Add, click Browse, and then add the Exchange Enterprise Servers group.
In the Add user or group dialog box, click OK, and then click OK again.
Exit the Group Policy snap-in, and then click OK in the Domain Controllers Properties dialog box.
Note Sometimes, you may not be able to see the Exchange Enterprise Servers group when you click Browse in the Add user or group dialog box. If this occurs, add the Exchange Domain Servers group, and then run the setup /domainprep command again. This process makes the addition of the Exchange Enterprise Servers group by the setup /domainprep command persist across all domain controllers.
Restart the Exchange services.
Source: http://support.microsoft.com/kb/919089
Posts
