question

MichaelHouston-2557 avatar image
0 Votes"
MichaelHouston-2557 asked ·

Exchange 2013 CU23 update Failing on /PrepareAD

I am trying to apply the CU23 update for Exchange 2013 and I am getting the following error. I have looked everywhere for a fix and I cannot find anything.



03/06/2021 17:22:38.0495] [2] [ERROR] Active Directory operation failed on DC1.removed.local. One or more attribute entries of the object 'CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=removed,DC=local' already exists.
[03/06/2021 17:22:38.0495] [2] [ERROR] The object exists.
[03/06/2021 17:22:38.0511] [2] Ending processing initialize-ExchangeUniversalGroups
[03/06/2021 17:22:38.0511] [1] The following 1 error(s) occurred during task execution:
[03/06/2021 17:22:38.0527] [1] 0. ErrorRecord: Active Directory operation failed on DC1.removed.local. One or more attribute entries of the object 'CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=removed,DC=local' already exists.
[03/06/2021 17:22:38.0527] [1] 0. ErrorRecord: Microsoft.Exchange.Data.Directory.ADObjectEntryAlreadyExistsException: Active Directory operation failed on DC1.removed.local. One or more attribute entries of the object 'CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=removed,DC=local' already exists. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.Save(ADRecipient instanceToSave)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.AddMember(ADObject obj, IRecipientSession session, ADGroup destGroup, WriteVerboseDelegate writeVerbose)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateAndValidateRoleGroups(ADOrganizationalUnit usgContainer, RoleGroupCollection roleGroups)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
[03/06/2021 17:22:38.0527] [1] [ERROR] The following error was generated when "$error.Clear();
initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

" was run: "Microsoft.Exchange.Data.Directory.ADObjectEntryAlreadyExistsException: Active Directory operation failed on DC1.removed.local. One or more attribute entries of the object 'CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=removed,DC=local' already exists. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.Save(ADRecipient instanceToSave)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.AddMember(ADObject obj, IRecipientSession session, ADGroup destGroup, WriteVerboseDelegate writeVerbose)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateAndValidateRoleGroups(ADOrganizationalUnit usgContainer, RoleGroupCollection roleGroups)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
[03/06/2021 17:22:38.0527] [1] [ERROR] Active Directory operation failed on DC1.removed.local. One or more attribute entries of the object 'CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=removed,DC=local' already exists.
[03/06/2021 17:22:38.0527] [1] [ERROR] The object exists.
[03/06/2021 17:22:38.0527] [1] [ERROR-REFERENCE] Id=443949901 Component=
[03/06/2021 17:22:38.0527] [1] Setup is stopping now because of one or more critical errors.
[03/06/2021 17:22:38.0527] [1] Finished executing component tasks.
[03/06/2021 17:22:38.0527] [1] Ending processing Install-ExchangeOrganization
[03/06/2021 17:22:38.0527] [0] CurrentResult console.ProcessRunInternal:198: 1
[03/06/2021 17:22:38.0542] [0] CurrentResult launcherbase.maincore:90: 1
[03/06/2021 17:22:38.0542] [0] CurrentResult console.startmain:52: 1
[03/06/2021 17:22:38.0542] [0] CurrentResult SetupLauncherHelper.loadassembly:452: 1
[03/06/2021 17:22:38.0542] [0] The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[03/06/2021 17:22:38.0542] [0] CurrentResult main.run:235: 1
[03/06/2021 17:22:38.0542] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
[03/06/2021 17:22:38.0542] [0] CurrentResult setupbase.maincore:396: 1
[03/06/2021 17:22:38.0542] [0] End of Setup

office-exchange-server-administrationwindows-active-directoryoffice-exchange-server-deployment
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @MichaelHouston-2557,

I am writing to see if there is any progress on the issue. Please let us know if the provided suggestion is helpful or if you need any further assistance.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
sambruins avatar image
0 Votes"
sambruins answered ·

Have your tried downloading the update and running it with the EA (enterprise admin) account as it looks like it is trying to update the schema?

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AWIT avatar image
0 Votes"
AWIT answered ·

What version are you updating from? There are only schema changes if you're upgrading from CU6 or earlier.

https://docs.microsoft.com/en-us/exchange/exchange-2013-active-directory-schema-changes-exchange-2013-help

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered ·

Hi @MichaelHouston-2557,

From the error you shared, it seems that the issue could be related to the "Microsoft Exchange Security Groups".
Do you have multiple OUs in your environment and have by any chance moved the "Microsoft Exchange Security Groups" out from the root to a different OU? Also you can have a look at the thread below and see if the solution there can be helpful:
New Exchange 2013 (CU13) Install- failing after prepareschema, preparead and preparealldomains succeeded

In case the error persists, it's suggested to create a backup of AD, then follow the links below to recreate the Exchange Security Groups:
Exchange 2019 - Re-create the Exchange Security Groups in AD
How to Recreate Corrupted Microsoft Security Groups in Exchange 2010
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelHouston-2557 avatar image
0 Votes"
MichaelHouston-2557 answered ·

Thanks for all the responses. I am not sure why, but when running setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms from an elevated Power Shell, I was getting the error, but when I tried running from a Command Prompt, it worked.

If anyone knows why, please let me know.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
0 Votes"
AndyDavid answered ·
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.