During the installation of CU14 for Exchange Server 2016, I encountered the following error. The required schema update could not be performed either from the setup GUI or via shell. The setup aborts directly at "Step 1 of 18: Preparing the organization" with the following error:
Here again the error message as text:
|
1
2
3
4
5
6
7
8
9
10
|
Error:The following error was generated when "$error.Clear(); install-ExchangeSchema -LdapFileName ($roleInstallPath + "Setup\Data\"+$RoleSchemaPrefix + "schema0.ldf")" was executed: "Microsoft.Exchange.Configuration.Tasks.TaskException: Error while executing 'ldifde.exe' to import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema0.ldf'. Error code: 8224. Further details can be found in the error file 'C:\Users\administrator\AppData\Local\Temp\ldif.err'. for Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl) for Microsoft.Exchange.Management.Deployment.InstallExchangeSchema.ImportSchemaFile(String schemaMasterServer, String schemaFilePath, String macroName, String macroValue, WriteVerboseDelegate writeVerbose) for Microsoft.Exchange.Management.Deployment.InstallExchangeSchema.InternalProcessRecord() for Microsoft.Exchange.Configuration.Tasks.Task.b__91_1() for Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)". |
In step 1 of 18, the Exchange setup attempts to extend the Active Directory schema. This is also the reason why the error message refers to another log file: C:\Users\administrator\AppData\Local\Temp\ldif.err
This file is a log file of the "ldifde" program. This program is used to update the AD schema. The log file "ldif.err" contains the following text:
|
1
2
3
4
5
6
7
8
9
10
|
Entry DN: CN=ms-Exch-ELC-Expiry-Action,CN=Schema,CN=Configuration,DC=domain,DC=localError for entry with start in Line 1: Error during operationServer-side error: 0x21a2 FSMO role ownership could not be verified because the associated directory partition was not replicated with at least one replication partner.Extended server error:000021A2: SvcErr: DSID-030A0B6B, problem 5012 (DIR_ERROR), data 8610Error in the program |
The message "The FSMO role ownership could not be verified because the associated directory partition was not replicated with at least one replication partner" initially indicates problems with the FSMO roles, in this case I would have spontaneously guessed the FSMO role "Schema Master". However, the command "netdom query fsmo" returned the correct domain controller for each FSMO role.
However, when checking the domain controllers further, it quickly became apparent that two domain controllers no longer existed and had simply been switched off without removing the domain controllers cleanly from the Active Directory. As the two orphaned domain controllers no longer existed, I deleted the orphaned DCs from the AD. The procedure for this is described here:
After cleaning up the Active Directory and the DNS server (deleting all old entries of the orphaned DCs), the Exchange setup went through without any problems. Interesting that nobody seemed to notice that two domain controllers were missing, because only one DC remained...