While installing Exchange 2016 (CU4) in a new customer's environment, I encountered an error. The install wizard would fail at 97% on step 6 and there were errors in the setup log file.
After some digging, I found this error in Event Viewer:
Process ExSetupUI.exe (PID=5772). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). Error Details System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0484392. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout) --- End of inner exception stack trace --
- Added “Manage audit and security logs” permission for Exchange Servers on the Domain Controllers.
- Fixed some issues with missing reverse DNS zones.
- Fixed some issues with missing subnets in ADDS Sites and Services.
- Double and triple checked my IPv6 setup.
- Ensured the firewall was enabled.
At last I found the issue that probably broke the proverbial camel's back:
No connection could be made because the target machine actively refused it 127.0.0.1:890
The local firewall blocked local traffic from 18.104.22.168 to 127.0.0.1:890!
My guess is that this is because of our strict GPOs (WS2012R2 SCM baselines and the national security authorities’ GPOs).
- Put all the Exchange-related inbound firewall rules in a GPO that had a higher precedence than our strict GPOs.
- Restarted the Exchange-server-to-be.
- Installed Exchange 2016 successfully!
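
A diagnostic sequence for the symptom above, as an added example that is not part of the original post: it checks the listener on port 890, the effective (GPO-merged) firewall profile settings and inbound rules, and the blocked-packet log. Port 890 and 127.0.0.1 come from the event text; the service name `MSExchangeADTopology`, the helper `Test-PortMatch` and the use of the firewall log are assumptions.

```powershell
# Added example (not from the original post). Run elevated on the Exchange server.
$port = 890   # from the event text: net.tcp://localhost:890

# 1. Is the AD Topology service up, and is anything listening on the port?
#    Service name MSExchangeADTopology is an assumption; the event only gives the display name.
Get-Service -Name MSExchangeADTopology -ErrorAction SilentlyContinue | Select-Object Name, Status
if (-not (Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)) {
    Write-Warning "Nothing is listening on TCP $port; a firewall rule will not help yet."
}

# 2. Effective profile settings after GPO merge (ActiveStore).
#    AllowLocalFirewallRules = False means locally created rules are not applied.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
$profiles | Format-Table Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules, LogBlocked

# 3. Effective inbound TCP rules covering the port, and which store (local or GPO) supplied them.
#    Test-PortMatch is a hypothetical helper: matches 'Any', an exact port, or a range like 800-900.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}
Get-NetFirewallPortFilter -PolicyStore ActiveStore -Protocol TCP |
    Where-Object { Test-PortMatch $_.LocalPort $port } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Sort-Object Action |
    Format-Table DisplayName, Action, Profile, PolicyStoreSourceType, PolicyStoreSource -AutoSize

# 4. Dropped loopback packets to the port, if blocked-packet logging is on (LogBlocked above).
#    Log fields: date time action protocol src-ip dst-ip src-port dst-port ...
$profiles | Select-Object -ExpandProperty LogFileName -Unique | ForEach-Object {
    $log = [Environment]::ExpandEnvironmentVariables($_)
    if (Test-Path $log) {
        Select-String -Path $log -Pattern " DROP TCP \S+ 127\.0\.0\.1 \d+ $port " |
            Select-Object -Last 5 -ExpandProperty Line
    }
}

# 5. Retest the endpoint named in the error.
Test-NetConnection -ComputerName 127.0.0.1 -Port $port | Select-Object RemotePort, TcpTestSucceeded
```

If step 3 lists no Allow rule sourced from Group Policy and step 2 shows `AllowLocalFirewallRules` as False, rules created locally on the server are not in effect and the allow rules have to be delivered through a GPO.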