Exchange 2010 Installation Issues

I have had a very busy time consulting of late and have not been able to update much on the blog.  However I did want to document this one issue that drove me BERSERK for so long.

Scenario

Deploying a Virtualized Exchange 2010 Testing Environment.  I installed all the pre-requisites but the install failed.  An error similar to this may be shown...

Error:
The following error was generated when "$error.Clear(); if (get-service MSExchangeServiceHost* | where {$_.name -eq "MSExchangeServiceHost"}) { restart-service MSExchangeServiceHost }" was run: "Service 'Microsoft Exchange Service Host (MSExchangeServiceHost)' cannot be started due to the following error: Cannot start service MSExchangeServiceHost on computer '.'.".

It had issues starting some of the services.  The Exchange Services would just hang.  I found entries like the following in the Event Viewer...

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1348). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

I found numerous articles about disabling IPv6 via the registry or, if you had un-checked IPv6 in the network adapter properties, re-enabling it.  That seemed to help me get my first Front-End and Back-End servers installed.  However, I was adding a second Front-End and Back-End server when this same fix did not help.

After uninstalling and reinstalling, or at least attempting to install, Exchange 2010 numerous times, I noticed my original servers also stopped working and the Event Viewer had errors like the one above indicating it could not talk to Active Directory.  I really dug into the network connectivity piece but could not find an issue.

I eventually found one person who mentioned GPO objects preventing some access to AD.  One of the Exchange services requires the right to manage the security and audit log, ostensibly to be able to write to it.  If you have the following group policy setting using a specific user/group, it fails.  In the Default Domain Policy, the GPO Object is:

Computer Configuration>Windows Settings>Security Settings>Local Policy>User Rights Assignment>Manage auditing and security log.

The author of the post mentioned setting it back to "not defined", but in my environment I added the computer accounts of my new virtual Exchange 2010 servers.  I ran "gpupdate /force" on each host and rebooted.  That seemed to correct all my issues for now.
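
To confirm on a host that the policy change actually landed, the "Manage auditing and security log" right (SeSecurityPrivilege) can be read from a secedit user-rights export and compared with the accounts that should hold it.  This is an added example, not part of the original troubleshooting; the LAB\EXCH-* computer account names and the sample export lines are constructed placeholders.

```powershell
# Added example. LAB\EXCH-* names and the $sample lines are constructed.
function Get-SecurityPrivilegeHolder {
    param([Parameter(Mandatory=$true)][string[]]$InfLine)
    # secedit writes one line per right under [Privilege Rights], e.g.
    #   SeSecurityPrivilege = *S-1-5-32-544,LAB\SomeAccount
    $line = $InfLine | Where-Object { $_ -match '^\s*SeSecurityPrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }              # right is not assigned to anyone
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {
            # A leading '*' marks a SID; try to resolve it to DOMAIN\name.
            $sid = $entry.TrimStart('*')
            try {
                $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $id.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $sid }                # unresolvable: report the raw SID
        } else { $entry }
    }
}

# Constructed sample of a secedit export.
$sample = @(
    '[Privilege Rights]',
    'SeSecurityPrivilege = *S-1-5-32-544,LAB\EXCH-CAS02$',
    'SeBackupPrivilege = *S-1-5-32-544'
)
# On a real host (elevated prompt) replace $sample with a live export:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS | Out-Null
#   $sample = Get-Content "$env:TEMP\rights.inf"

# Hypothetical computer accounts expected to hold the right directly.
$expected = 'LAB\EXCH-CAS02$', 'LAB\EXCH-MBX02$'
$holders  = @(Get-SecurityPrivilegeHolder -InfLine $sample)
$missing  = @($expected | Where-Object { $holders -notcontains $_ })

"Holders : $($holders -join ', ')"
"Missing : $($missing -join ', ')"
```

The comparison only covers accounts listed directly on the right; an account that receives it through group membership shows up as the group, so check membership separately in that case.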