question

HomerSibayan-0286 avatar image
0 Votes"
HomerSibayan-0286 asked joyceshen-MSFT commented

An Active Directory error 0x51 occurred" error when you run the "Setup /PrepareAD" command in Exchange server 2013.

Hi Experts

Can someone from you give an idea how to fix this issue in Exchange ? . We are currently upgrading the CU version of our exchange 2013 Mailbox and CAS server. From CU8 to CU23. Prepare schema is all goods but after performing PrepareAD setup we encountered an error. please see the exact error below.

we have 6 Exchange server 2013 - CU8

3 CAS
3 Mailbox server


Error:
The following error was generated when "$error.Clear();
initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

Was run: Microsoft.Exchange.Data.directory.Suitability DirectoryException: an active directory error 0x51 occured when trying to check the suitability of server DC1.domain.local Error: Active directory response: The LDAP server is unavailable. System.DirectoryServices.Protocol.ldapException: The LDAP server is unavailable.

at System.DirectoryServices.Protocols.LdapConnection.Connect()
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithLogging()
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.TryBindWithRetry(Int32 maxRetries, ADErrorRecord& errorRecord)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.TopologyDiscovery.SuitabilityVerifier.CheckIsServerSuitable(String fqdn, Boolean isGlobalCatalog, NetworkCredential credentials, String& writableNC)
at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, String partitionFqdn, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential)
at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, String partitionFqdn, NetworkCredential networkCredential, String serverName, Int32 port)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetConnection(String preferredServer, Boolean isWriteOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope)
at Microsoft.Exchange.Data.Directory.ADDataSession.GetReadConnection(String preferredServer, String optionalBaseDN, ADObjectId& rootId, ADRawEntry scopeDeteriminingObject)
at Microsoft.Exchange.Data.Directory.ADGenericReader.GetNextResultCollection(Type controlType, DirectoryControl& responseControl)
at Microsoft.Exchange.Data.Directory.ADPagedReader`1.GetNextResultCollection()
at Microsoft.Exchange.Data.Directory.ADGenericPagedReader`1.GetNextPage()
at Microsoft.Exchange.Data.Directory.ADGenericPagedReader`1.<GetEnumerator>d_0.MoveNext()
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.<FindByAccountName>d
3`1.MoveNext()
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.FindByAccountName[T](String domainName, String accountName)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b
_b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".


Thanks

office-exchange-server-administrationoffice-exchange-server-connectivityoffice-exchange-server-itprooffice-exchange-server-deploymentoffice-exchange-server-dev
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @HomerSibayan-0286

Is there any update here about your issue so far?


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



0 Votes 0 ·
02293085 avatar image
0 Votes"
02293085 answered 02293085 edited

Hi Homer,

Please check. I hope it helps.

https://support.microsoft.com/en-us/topic/-an-active-directory-error-0x51-occurred-error-when-you-run-the-setup-preparead-command-from-a-dc-in-exchange-2013-5db561d1-ba63-01d0-baf6-5baa7cc31bb5

Symptoms
This issue occurs in a domain that has no global catalog servers. This issue occurs after you apply Cumulative Update 5 or a later version of cumulative update for Microsoft Exchange Server 2013 (Cumulative Update 6 or Cumulative Update 7). When this issue occurs, you receive the following error messages:

[Time_Point_1] [2] [ERROR] An Active Directory error 0x51 occurred when trying to check the suitability of server 'domain_controller_name'. Error: 'Active directory response: The LDAP server is unavailable.'

[Time_Point_2] [2] [ERROR] The LDAP server is unavailable.


Note This issue will not occur if you upgrade the domain controller (DC) to a global catalog.

Cause
This issue occurs because of a change that introduces DC stickiness for writable sessions into Cumulative Update 5 for Exchange Server 2013.

Resolution
To resolve this issue, install Cumulative Update 8 for Exchange Server 2013.


Additional information:
https://social.technet.microsoft.com/Forums/en-US/eaca0528-da9a-42b4-b223-512297c40cad/active-directory-error-0x51-occurred-when-trying-to-check-the-suitability-of-server?forum=exchange2010

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HomerSibayan-0286 avatar image
0 Votes"
HomerSibayan-0286 answered joyceshen-MSFT commented

Hi

We are currently CU8 version of exchange 2013. it seems the first link solution cannot be fix the issue. however, since the detected DC that are not communicating on our exchange when tried to perform PrepareAD setup is no longer be using. So it is possible to resolve our issue by decommissioning the old writable DC then cleaning up metadata? as describe on the 2nd link

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

What's the current DC and GC for your server?

 Get-ExchangeServer -Identity "<Server Name>" -Status | fl Current*

And Try to ping an Active Directory server from Microsoft Exchange Server

0 Votes 0 ·

Hi Joyce

We noticed that currently on the main site which is the Exchange 2013 were installed, it has 2 Domain controller iin same site. The DC is 2012 R2 GC and 2008R2 Writeable DC only. I wonder if we upgrade the writaeble DC to GC then try again the PrepareAD command in Exchange. ? or by moving the writaeble DC to DR site so that it cannot read or communicate with Exchange in main site. ?

What do you think ?

0 Votes 0 ·

Hi,

You could try to upgrade the writeable DC to GC. And could you please also take a look at if any error recorded in application log?

And Exchange will stop using the DC, when it discovers the DC is no longer available.

0 Votes 0 ·