Exchange 2016 Setup: Unable to set shared config DC

While installing Exchange 2016 (CU4) in a new customers environment, I encountered an error. The install wizard would fail at 97% on step 6 and there were errors in the setup log file.

I checked the Exchange Setup Log, and tried some troubleshooting based on this information:
Technet article
Technet forum
Reddit

After some digging, I found this error in Event Viewer:

Process ExSetupUI.exe (PID=5772). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). Error Details
System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0484392. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
--- End of inner exception stack trace --
  • Added “Manage audit and security logs” permission for Exchange Servers on the Domain Controllers.
  • Fixed some issues with missing reverse DNS zones.
  • Fixed some issues with missing subnets in ADDS Sites and Services.
  • Double and triple checked my IPv6 setup.
  • Ensured the firewall was enabled.

At last I found the issue that probably broke the proverbial camels back:
No connection could be made because the target machine actively refused it 127.0.0.1:890

The local firewall blocked local traffic from 120.0.0.1 to 127.0.0.1:890!

My guess is that this is because of our strict GPOs (WS2012R2 SCM baselines and the national security authorities’ GPOs).

The solution:

  • Put all the Exchange related Inbound FW rules in a GPO that had a higher precedence than our strict GPOs.
  • Restarted the Exchange-server-to-be.
  • Installed Exchange 2016 successfully!

3 Replies to “Exchange 2016 Setup: Unable to set shared config DC”

  1. I searched all over the internet and tried a lot of things to fix this issue. Finally, the one thing that fixed the issue for me is to add the subnet of the Exchange server to the default site. Previously, it was not part of any site in AD sites and services.

  2. Thanks a lot, this worked for me!
    I reviewed all the solutions you suggested, applied them, and I was eventually able to successfully install exchange 2016 CU13 after so many failed attempts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.