New-EdgeSubscription Fails with LDAP Server Unavailable error

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP server was unavailable.

When attempting to create a new Edge Subscription file we received the following error:


New-EdgeSubscription : Microsoft Exchange couldn't create or update the Edge Subscription account on the Edge Transport server for the following reason: The LDAP server is unavailable.. Stack is
   at System.DirectoryServices.Protocols.LdapConnection.Connect()
   at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
   at Microsoft.Exchange.MessageSecurity.EdgeSync.AdamUserManagement.CreateOrUpdateADAMPrincipal(String user, String password, Boolean bootStrapAccount, TimeSpan expiry)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.NewEdgeSubscription.InitiateSubscriptionOnEdge()
At line:1 char:1
+ New-EdgeSubscription -Filename C:\Certificates\Exchet02_Sub.xml -verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-EdgeSubscription], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EXCHET02,RequestId=70125004-b579-493f-82a0-57f30649dea4,TimeStamp=6/21/2017 5:46:25 PM][FailureCategory=Cmdlet-InvalidOperationException]4B625345,Microsoft.Exchange.Management.SystemConfigurationTasks.NewEdgeSubscription



I looked at numerous postings related to this issue, but none of them provided a solution. We finally engaged Microsoft, and the engineer had me execute an iDNA trace. This is not for the faint-hearted, as few MS engineers are trained in analyzing the output. The time it took to execute the command and have it fail generated a file over 1.2GB in size! 


The analysis showed that the command was getting to the Active Identity manager software, which, since these are standalone servers that don't use smart card authentication, was blocking the command from reaching the LDAP server (ADAM). 


We uninstalled the software on the server we used to troubleshoot the issue (we have two Edge servers) and deleted the personal certificates (add the Certificates snap-in, selecting the 'My user account' option, then browse to Personal\Certificates), and the problem was resolved. On the second server I was able to solve the problem by simply stopping and disabling the service (though the software will be removed from that server, also).
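
A quick way to triage the same symptom before resorting to a trace, as an added example that is not the author's or Microsoft's code: it checks the local AD LDS (ADAM) instance, attempts a bind with the same LdapConnection class that appears in the stack trace, and dry-runs the stop-and-disable step described above. Assumptions: the Edge defaults of service name ADAM_MSExchange and LDAP port 50389, and a placeholder display-name pattern for the suspect software.

```powershell
# Added example, not from the original article. Run elevated on the Edge Transport server.
# Assumed Edge defaults: AD LDS service 'ADAM_MSExchange', LDAP on TCP 50389.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$AdamService    = 'ADAM_MSExchange'
$LdapPort       = 50389
$SuspectPattern = '*<product display name>*'   # placeholder: set to the software under suspicion

# 1. Is the AD LDS instance that New-EdgeSubscription talks to running?
Get-Service -Name $AdamService -ErrorAction SilentlyContinue |
    Select-Object Name, Status

# 2. Is anything accepting TCP connections on the LDAP port?
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect('localhost', $LdapPort)
    "TCP ${LdapPort}: open"
} catch {
    "TCP ${LdapPort}: $($_.Exception.GetBaseException().Message)"
} finally {
    $tcp.Close()
}

# 3. Attempt an LDAP bind as the current user with the class from the stack trace.
#    If the service is up and the port is open but this still reports
#    'The LDAP server is unavailable', something between the caller and
#    AD LDS is interfering, which matches the finding in this article.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier('localhost', $LdapPort)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Timeout  = New-TimeSpan -Seconds 15
try {
    $conn.Bind()
    'LDAP bind: OK'
} catch {
    "LDAP bind failed: $($_.Exception.GetBaseException().Message)"
} finally {
    $conn.Dispose()
}

# 4. Dry run of the workaround used on the second server: stop and disable
#    the suspect service. Remove -WhatIf only after confirming the match.
Get-Service -DisplayName $SuspectPattern -ErrorAction SilentlyContinue |
    ForEach-Object {
        Stop-Service -Name $_.Name -WhatIf
        Set-Service  -Name $_.Name -StartupType Disabled -WhatIf
    }
```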


Author: fudgetek