Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ADScemaSetup.exe error

I am getting the following in the ldif.log when trying to run the Schema updates:<br>--snip--<br>1: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com<br>Entry DN: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com<br>change: add<br>Attribute 0) adminDescription:ms-Exch-Recorded-Name<br>Attribute 1) adminDisplayName:ms-Exch-Recorded-Name<br>Attribute 2) attributeID:1.2.840.113556.1.4.7000.102.17016<br>Attribute 3) attributeSyntax:2.5.5.12<br>Attribute 4) isMemberOfPartialAttributeSet:TRUE<br>Attribute 5) isSingleValued:FALSE<br>Attribute 6) lDAPDisplayName:msExchRecordedName<br>Attribute 7) name:ms-Exch-Recorded-Name<br>Attribute 8) oMSyntax:64<br>Attribute 9) objectCategory:CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=hmnbank,DC=com<br>Attribute 10) objectClass:attributeSchema<br>Attribute 11) searchFlags:0<br>Attribute 12) partialAttributeSet:TRUE<br><br>Add error on line 37: Busy<br>The server side error is "The role owner attribute could not be read."<br>0 entries modified successfully.<br>An error has occurred in the program<br>--snip--<br><br>Heres the ldif. err:<br>--snip--<br>1: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com<br>Entry DN: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com<br>change: add<br>Attribute 0) adminDescription:ms-Exch-Recorded-Name<br>Attribute 1) adminDisplayName:ms-Exch-Recorded-Name<br>Attribute 2) attributeID:1.2.840.113556.1.4.7000.102.17016<br>Attribute 3) attributeSyntax:2.5.5.12<br>Attribute 4) isMemberOfPartialAttributeSet:TRUE<br>Attribute 5) isSingleValued:FALSE<br>Attribute 6) lDAPDisplayName:msExchRecordedName<br>Attribute 7) name:ms-Exch-Recorded-Name<br>Attribute 8) oMSyntax:64<br>Attribute 9) objectCategory:CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=hmnbank,DC=com<br>Attribute 10) objectClass:attributeSchema<br>Attribute 11) searchFlags:0<br>Attribute 12) partialAttributeSet:TRUE<br><br>Add error on line 37: Busy<br>The server side error is "The role owner attribute could not be read."<br>An error has occurred in the program<br>--snip--<br><br>Any ideas what the problem is?<br><br>There are users in OU's other than and including the Users OU. Could that be affecting it?<br><br>Thanks.<br><br>

11 REPLIES
New Member

Re: ADScemaSetup.exe error

Try the following:

1) Be sure the account under which you are running adschemasetup.exe is a member of the Schema Admins group
2) Run adschemasetup.exe on the DC which is the schema master (usually the first DC in the forest, but you can use ntdsutil to see for sure which one it is--there are some MSDN articles that tell how to do it)

Anonymous
N/A

Re: ADScemaSetup.exe error

I am installing on the only DC in the network, which I am using the account which was used to install AD initially, which has all the necessary permissions. I worked with TAC for 3 hours and we have narrowed it to an Active Directory thing and they are sending me to Micro$oft.

I tried running ADSI Edit to manually extend the schema and that failed with the same "The role owner attribute could not be read" error as appears in the ldif.log file when I run the ADSchemaSetup.

After that failed I went searching and found the ldifde.exe utility and tried processing the ldif script with: ldifde.exe -i -l av(I don't have the filename).ldf

And that failed with an error of:

Add error on line 37: Invalid DN Syntax
The server side error is "The object name has bad syntax."
0 entries modified successfully.
An error has occurred in the program

Anyone?

New Member

Re: ADScemaSetup.exe error

Were there every any other DCs in the forest? If so, you could try the following MSDN articles:

Q234790 - HOW TO: How to Find FSMO Role Holders (Servers)
Q255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller

They explain how to determine which DC is the schema master and how to force a DC server to become a schema master.

If this DC is the only DC that has ever existed in the forest, though, it is unlikely that articles above will help much. If that is the case, I don't have any ideas on why it might not be working.

Anonymous
N/A

Re: ADScemaSetup.exe error

This is the only DC in the domain and there is only one forest. All schema roles are on the one server. I can edit schema attributes using ADSI edit, but not add any new extensions to the schema. Am I the only one who has run into this?

Gold

Re: ADScemaSetup.exe error

You can always take our LDIF file and try to extend the schema with the LDIFDE utility that comes with Windows 2000. If that tool can't do it I am pretty sure you have a AD problem and you would need to get MSFT involved.

Keith

Keith Chambers
Unity Technical Lead
Unified Voice Team, San Jose
Cisco Systems

Anonymous
N/A

Re: ADScemaSetup.exe error

I tried the ldifde utility and that did not do it, that gave an error of:

Add error on line 37: Invalid DN Syntax
The server side error is "The object name has bad syntax."
0 entries modified successfully.
An error has occurred in the program

I am certain this is a Microsoft issue, but I have been over permissions many times and all appears to be in place.

Any thoughts on the fact that I can use ADSI Edit to modify other schema values, but not add any new ones?

Gold

Re: ADScemaSetup.exe error

Assuming this is your corp AD and you have already run /forestprep for Exchange 2000 I would give MSFT a ring. Changes to the AD schema are permanent so you really don't want to mess anything up. :(

Keith

Keith Chambers
Unity Technical Lead
Unified Voice Team, San Jose
Cisco Systems

Anonymous
N/A

Re: ADScemaSetup.exe error

I am using the values straight out of the .LDF script from the Unity CD images, so I'm confident that nothing will get messed up. TAC is recommending I "upgrade" to 3.1.3. That seems bogus to me because the schema extensions have nothing to do with Unity version in how they are written to the schema.
The customer has no M$FT support so at $300 a pop to install a Cisco product, they are oviously balking. This is an existing Ex2k and AD domain we are bringing Unity into. The customer understands this is probably a M$FT issue but they also know there are other VM's out there that do not need an AD Schema extension to run.

New Member

Re: ADScemaSetup.exe error

I agree that an upgrade to 3.1.3 would be futile.

Have you tried running ldifde again with the correct -c option? The first error you posted from ldifde was because of the wrong command line options, not because of whatever is going on with AD.

Anonymous
N/A

Re: ADScemaSetup.exe error

Just as a note Idid manage to get this resolved... and yes I tried the -c option with the same "role owner" error as the rest of the attempts I made.

Here is what I did to get this to go, and I still don't quite get it.

In the course of troubleshooting I installed the MS Support Pack, which includes the Active Directory GUI tool. I had gone through that tool to verify that I could connect, browse, etc. using LDAP. (By the way I also used ntdsutils, ADSI Edit, and a bunch of other tools to verify AD and LDAP connections) My normal process was to check the access with a given utility, close the util, then try to run the update again. The last time however I left my connection open, ran the SchemaUpdate and it flew through like there had never been an issue in the first place.

Exceptionally weird behavior.

New Member

Re: ADScemaSetup.exe error

I ran this by someone else here and he had the following comment about the ldifde error:

Note that his ldifde script is failing because he needs to specify -c to replace the in the script with the actual dn to his/her schema container (cn=schema,cn=configuration,dc=xyz,dc=com).


219
Views
0
Helpful
11
Replies
CreatePlease to create content