Exchange 2016 Troubleshooting: Event ID 4127
In your Exchange 2016 environment, you might have noticed that you are getting a lot of errors logged in the application log regarding PowerShell.exe.
Error
Here is the error message:
Event 4127, MSExchange ADAccessProcess powershell.exe (PID=11952). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. ---> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Troubleshooting
The error seems to be a bit misleading as the following checks were performed:
- Running DCDiag to verify replication is fine across domain controllers.
- Checking that you can access Exchange EAC and each of its components.
- Rebooting the server.
- Restarting the Topology Service.
Solution
The Solution here seems to re-create the PowerShell Virtual Directories on the server and doing a reboot. Event ID 4127 should stop logging.
To re-create the Virtual Directories for PowerShell you can run the following commands:
Delete the current PowerShell Virtual Directory
Get-PowerShellVirtualDirectory -Server <Server>| Remove-PowerShellVirtualDirectory
Re-Create the PowerShell Virtual Directory
New-PowerShellVirtualDirectory -Server <Server> -Name Powershell -RequireSSL $false -BasicAuthentication $false -WindowsAuthentication $false -InternalUrl http://<server.fqdn>/powershell