Exchange 07: Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)

Environment for this issue: Exchg 2007 Win2008 SP1 & 2 Domain controllers Win2003 SP2

If your exchange installation was working and then suddenly stopped working with the error below.( Try this if your having an installation issue to, allthough this specific issue appeared after it was working fine for a few months).

(Some services won’t start ??)

Microsoft Exchange Active Directory Topology Service

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=3268). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

Goto Active directory on your domain Controller and add your exchange server as a 'Computer' on the 'Domain Admins Group'. Thanks to cchalmer on this aswell.

This worked fantastically for me with a reboot.

Also you can ref:

Please use this at your discretion as its not an official solution only a different suggestion to address your  problem and not ideal from a privacy point of view. I have other alternatives in this blog which may address your problem without going down this road.


Comments (57)
  1. Paul Martin says:

    I also received this error, and found that it was the result of disabling IPV6 on my server’s only NIC.  When I reenabled IPV6 on the NIC and rebooted, the services started normally and re-running the installation worked perfectly.   This is the article that helped me determine this…

    BTW, this article also references a way to complete disable IPV6 to resolve the issue, but I just enabled IPV6 on my NIC and allowed a dynamic IP address (not recommended – but I am not using IPV6, so the resolvability of the address is not a big concern for me).

  2. Gio says:

    It works for me thanks. I would only know why!?! Maybe  a policy problem? I would remove this entry from domain admins…is not "clean"…

  3. Mark Peng says:

    For Paul Martin, thank you very much for your input,  I wasted a lot of time to search on Microsoft web site, MS is not as good as your simple answer, great work!

  4. Mike Crowley says:

    This is an msdn blog, but is this an official Microsoft answer?  I cant imagine you are actually recommending to put the account in the DOMAIN ADMINs group.  that is a gross overassignment of priv.

  5. Yes thanks Mike for the comment, I agree, this is ‘not’ recommended or official and has possible issues with privacy, I have listed elsewhere in this blog other ways to address the problem which manifests in different forms. This is a suggestion and use it at your discretion.

    Thanks again


  6. Gordon Freeman says:

    I agree, adding the computer to the Domain Admins is not the best solution, but it’s the only one I was able to get to work.

    (Server 2008 STD SP2, Exchange 2007SP1 w/Rollup9)

    I first started seeing this after installing Server 2008 Service Pack 2.

    I have IPV6 implemented, but tried disabling/re-enabling IPV6 to no avail.

    I also tried:

    (troubleshooting 2114 errors)

    with no luck either, all policy settings were as they should be.

    I am now successfully using IPV4 and IPV6 with no errors.  It’s an ugly fix, but something M$ should have addressed by now.

    Thanks again for the tip

  7. Delighted it helped Gordon;-)

  8. Hamun says:

    I think by enabling IPV6 in the network properties will fix the problem.  Give that a go

  9. Luke says:

    Re-Enabling IPV6 worked for us.

  10. David Bader says:

    I found that the Exchange Server was not a member of the "Exchange Servers" security group on the DC.  Added it, rebooted the Exchange Server.


    Perhaps this is better than adding to the Domain Admins group???

    Thanks for the tip.

  11. Llorenç Vallverdu says:

    Same Happened to me…

    Windows 2008 SP2 with Exchange 2007 SP2.

    Reenabled IPv6 and it didn’t worked… I had to put the computer accounts in the domain admins group and restart the servers.

    Any new solution for this? I think that my costumer won’t like that solution… 🙁 Thanks

  12. Llorenç Vallverdu says:

    I made again a setup.exe /preparead and all worked fine (without having the machine accounts in the domain admins group)


  13. David says:

    Wow, after working on this for nearly 16 hours and beating my head agains the wall, your suggestion to add the computer account to the domain admins group did the trick. My server is up and running now, BUT, I’m not sure the computer account should be in there but hey, if it’s working then I’m leaving it alone.


  14. Prasad says:

    Win2008 SP1 and Exch 2007 sp1 (32 bit)

    Same error was occouring…..

    I tried adding the computer account to Domain admins group but no luck atleast for my scenario.

    Then I enabled IPV6 and tried the same…..

    It worked

    Thanks a lot 🙂

  15. Pranoy says:

    Enabling IPV6 and a reboot worked for me.

    I was installing Exchange 2007 SP1 on Windows 2008.

  16. Eduardo says:

    on my case, I had the Topology discovery failed error, I ran /preparedomain on the 2007 exchange server and it corrected the AD permissions again.

    It worked all right!

  17. Kirk H. says:

    I recently took over management of an Exchange 2007 on Windows 2008 environment and was having this issue after I applied SP2 and RU2.

    Placing the servers in the domain admins group did fix the problem short term, but I wanted the correct fix.

    I tried enabling IPv6 and still had the topology load issue.  Exchange 2007 on Server 2008 uses IPv6 so having it on is probably a good idea anyway so I left it on.

    To correct the permission failure that caued the topology load error, I added the exchange servers security group to the "Manage auditing and security log" group through the local security policy editor.

    This process is provided for information only, if you choose to follow it, it is at your own risk.

    Start > run > secpol.msc

    Expand Local Policies

    Click User Rights Assignment

    Locate "Manage auditing and security log"

    Add "exchange Servers" to this group.

    You should now be able to bring your mail database online.

    The correct fix for this is probably to re-run /adprep from one of your exchange servers.  But this fix worked for me withou re-running /adprep.

  18. Jürgen Gottschalk says:

    I was recovering a deleted Server, got the same message during setup.

    I just had to put the server back in AD Group "Install Exchange Domain Servers" and reboot.

  19. Rafael says:

    Enabling IPV6 and a reboot worked for us.

    I was installing Exchange 2007 SP1 on Windows 2008 SP2.

  20. Jason says:

    Adding the computer account to domain admins worked great! Thanks!

  21. Brian says:

    I ran into this problem in a slightly unrelated manner.  I cloned a working system so I can practice an upgrade.  what a mess.  In short the system unregistered the production box’s name when I attempted to rename the clone and join the domain with it.  (mind you I powered off the prod vm during this entire time)

    What a surprise to find out the system I hadn’t touched wouldn’t come up flawlessly.  I had to recreate the system’s domain account…which still didn’t allow the exchange services to fire up after the system bounced.  I then had to:

    add Install Domain Exchange Servers and Exchange Servers groups with the Exchange box’s computer account.  

    There should also be the Domain Computers group as well.  This was associated when a system joins a domain by default.  No reboot is required…once the two additional groups were added to the computer account a simple restart of the services on the exchange box allowed everything to fire right up.

    Thanks for all the previous posts.  It really helped me orient my troubleshooting in the right direction since I’m not a windows person.

  22. Andrew from TN says:

    The Exchange 2010 servers (All Roles) should be in the Exchange Trusted SubSystem group.  This group is in turn a member of the Administrators group.  This way you dont need to add them to Domain Admins group.

    -Same issue, all was working well as we upgraded from Exchange 2003 to 2010.  As soon as the Exchange 2003 uninstall was complete, we started getting the same errors.  I found this blog, and it got me looking into the security group issues.  The uninstall process must have removed all exchange objects from the correct security groups.

    I checked another migration from 2007 – 2010 that we had done, and sure enough all Exchange 2010 servers were in the Exchange Trusted Subsystem Group, and that was a member of Administartors group.

    Added the group nesting in our broken scenario and rebooted – Bingo..!  Thx all

  23. Kevin says:

    IPV6 and Domain Admins Fixed my issue

  24. Bibomaria says:

    This type of issues occurred when  the Exchange security groups do no have the appropriate user rights to enable the Directory Service Access (DSAccess) component to communicate with Active Directory.I have also faced this types of errors few months ago. i used a software to resolve  this issue.  i fond that at ::

  25. lynn Smith says:

    Thanks, I find the good information for Microsoft Exchange Active Directory Topology Service.

  26. Montgomery says:


    Enabling of IPV6 only helped me as a magic!

    …It was very frustrating, trying to fix the problem, came from "nowhere"!


  27. ohad says:

    i have server 2008 32Bit snd had the same eror.

    i jost enable ipV6 and it work properly.


  28. Dmitriy_FS says:

    same problem was after windows updates.

    Excellent!! Enabled IPv6 worked!!  Adding computer to Domain Admins didnt help for me. Thanks!

    I've spent a lot of time before founded this good post.

  29. tirex says:

    This problem may occur if you use MS ISA. Open the 'flood migration "and enter the name of your exchange server to the list of exceptions.

    Best regards.

  30. RJS says:

    Thanks for this tip.  I just started having this issue today after backing up my Exchange 2007 Vmware image. I was thinking there was something that had corrupted my Vmware image. Adding the computer to Domain Admins seems to have solved it.

  31. Jesus Rodriguez says:

    Thanks a lot!! It got fixed when I enabled the IPv6 protocol back on the nic.

  32. Nikolay Kutyavin says:

    You can fix this issue by granting READ permissions on Domain Controller objects in Active Directory for group "Exchange Servers", or by executing /preparedomain setup command.

    "Domain Admins" is too much for Exchange Servers, certainly. Also, IPv6 is totally unrelated to this issue.

  33. Martin says:

    Thank You,

    I appriciate this very helpful article!

    Enabling IPV6 solved the problem.

  34. Satish says:

    Hi Martin…..i waste lots of time…and finally ur blog is worked on my exchange also

  35. Chango says:

    This worked for me! Thank you so much!

    I am not sure if it was re-enabling IPv6 or adding DC to the domain admins group. Either way, both of those worked for me.

    Thank you for contributing.

  36. Manhar says:

    Hey Gents, Enabling IPv6 did it again. Thank you so much ofr the people who contributed to this blog.

  37. Nicholas says:

    Checked IPv6 enabled, but problem still persist. This blog gives me some hint to check on DNS or name resolution.

    Tried to ping using server hostname and FQDN, the reply comes from IPv6 address.

    So what I did was edit C:windowssystem32driversetchosts file, add local IPv4 address, server hostname and FQDN, reboot server, and voila Exchange 2007 (SP3) on SBS 2008  SP2 back to online.

    Thanks for the blog author and replies by others.

  38. Lee says:

    My exchange 2010 server was in trouble after adding then removing the DNS service as the customer changed there minds.

    This fixed all of my issues! THANKS.

  39. Anas says:

    Re-enabling IPv6 worked for me!

  40. Dave says:

    I had disabled three NIC cards i the offending server. after reading comments, I re-enabled them. I cleared the messages and for the last 50 minutes have had no topology messages. Thanks for the suggestions.

  41. Absalom says:

    Thank you for this. It worked as soon as I added the computer to the group. Saved the day. Gratitude.

  42. Uffe says:

    Just wanted to say a BIG THANKS for turning my attention to the IPv6! I had sh*tloads of errors, and the exchange transport service wouldn't start. I've been at it for 9 hours more or less, and it's now 4am.

    I just enabled IPv6 (still wonder why/when it got disabled) and everything got back to normal, and I can finally sleep!!!!!

    Many, many, many thanks!!!!


  43. Chaza says:

    You are the man! worked a treat. I renabled IPv6 and added server to Domain Admins Group.

  44. Me says:

    Thx a lot Celtic-Guy !

    You really saved my life.

  45. Olivier says:

    Idem pour moi réactivation de L'ipv6

    j'y ai passé la journée dessus, avec de plus en plus de pression, des erreurs dans tout les sens dans l'observateur d'évènement !

    Merci Bcp

  46. Michael says:

    +1 for adding Exchange server to domain admin group to resolve topology error.

  47. Prashant Channe says:

    Make sure that the exchange server is member of "Exchange Servers" and "Exchange trusted Subsystems" exchange security group in active directory.

    This scenario may occur when you reset the exchange server computer account in active directory (May be in DR situation)

  48. Eivind S says:

    – Paul Martin

    I was well into my sixth our of searching when I found your resolution.


  49. Gustavo says:

    Hi Guys,

    Enabling the IPV6 worked for me too.


  50. minhcorp says:

    I met same problem with exchange 2010, no solution above work

    I started disjoin and rejoin exhange to domain, the exchange start fine

  51. karan says:

    I was able to resolve the issue by enabling IPV6 as explained in the following article…/sbs-2008-exchange-services-down-with-event-id-2114-error-0x80040a02-dsc_e_no_suitable_cdc

  52. Paul D says:

    +2 for adding Exchange server to domain admin group to resolve topology error.

    this got us up and running we are now trying to figure out what happened..

  53. Erich says:

    I migrated a client from SBS 2003 Premium to 2012R2 with Exchange 2010 SP3. Most of the documents recommend disabling IPV6 on the NIC of the 2012 server and I followed suite. Once the SBS 2003 was decommissioned and restarted, all sorts of errors were flying.

    Had to remove some DNS settings on the 2012 box that pointed to the old server and eventually ran dcdiag /test:DNS /e /v /f:dns-diag.txt  — came up clean but still getting tons of errors with this one in particular. A quick search landed me here.

    Rather than adding the server to the Domain Admin group, it was trivial to enable IPV6 via PowerShell. My clue that IPV6 was an issue is the Control Panel would hang each time I attempted to check the Adapter settings. Once the cmd finished, a reboot got the server and email services restored – much to the relief and delight of my clients.

    Thanks for the find and the posts everyone.

  54. Lincky says:

    Another possible reason,

    When you use Network Monitor to capture the DNS traffic,  it might be hard coded to the DSAccess if there is no any query to your DNS locally,

    in that cases, please check if the registry is there and manually remove them from  HKEY_LOCAL_MACHINESystemCurrentControlSetServicesMSExchangeDSAccessProfiles

    according to…/250570 , as it might possibly applied to those who have Legacy Exchange like 5.5 2000 2003 before.

  55. Jeff says:

    This worked perfect for me after spending 4 hours scouring the web for unrelated issues with the Transport service be stuck in the starting state.

    Thank you.

  56. B-Cool says:

    We had the same problem and running Exchange Best Practices Analyzer informed us:

    "ADAccess configuration is hard-coded Server: EXCH11. The AD Topology service on server EXCH11 is hard-coded to use Active Directory domain controller server(s) This configuration isn't recommended because it has limited fail-over options."

    Exchange DSAccess is configured for static domain controllers

    Unless the hard-coding of directory servers for DSAccess was performed for a specific reason, you should remove the list of servers and revert to automatically discover domain controllers.…/2619379

Comments are closed.

Skip to main content