Ошибка ldap 81 0x51 сервер отключен ошибка win32 сервера 0 0x0

  • Remove From My Forums

  • Question

  • Dear all,

    Im exeprence replication errors bettwen site to site replication.

    Error:

    Repadmin can’t connect to a «home server», because of the following error.  Try
    specifying a different
    home server with /homeserver:[dns name]
    Error: An LDAP lookup operation failed with the following error:

        LDAP Error 81(0x51): Server Down
        Server Win32 Error 0(0x0):
        Extended Information:

    This error occurs if I’m connected by the main WAN line (satilite), but if I change to backup line wokrs fine.

    I was in the way to troubleshooting this issue with Netowrk TEAM, and they ask me wich ports are use when replication occurs so they can troubleshoot it.

    I will kindly ask your help and add on this issue and also if you could provide details about all ports and flow of the replication.

    Thanks in advance

Answers

  • Hi,

    You need to check couple of the options to fix this issue.

    1. Check DNS settings on NIC (preferred should be itself if it holds DNS role)

    2. Repadmin /replsum at elivated command prompt. If you notice any errors work on that.

    3. Add Antivirus exceptions for SYSVOL, NTDS folders

    4. Restart Netlogon, DNS and ipconfig /flushdns & ipconfig /registerdns

    5. If none of the above options doesn’t work, provide us ipconfig /all and DCDiag /v logs for better understanding about the issue.

    • Edited by

      Saturday, December 1, 2012 3:06 PM

    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM

    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM

  • You have to start that the traffic on your main WAN connection is not filtered. Active Directory ports used for AD replication should be opened in both directions:
    http://technet.microsoft.com/en-us/library/bb727063.aspx

    You can use PortQryUI to check the filtering.

    Of course, you should also check that the routing is correctly set for this connection. This can be checked using ping requests / responses (I suppose that ICMP traffic is not blocked).

    Note also that AD replication behind a NAT device is not supported. That is why you will need to check if one of the routers used or the main WAN connection is using NAT. If it is the case, you will need to disable it (In your case, with a dedicated site
    to site connection, NAT should not be required).

    Of course, dcdiag and repadmin commands should provide you with more details about the issue.

    This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

    • Edited by
      Mr XMVP
      Sunday, December 2, 2012 3:19 PM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM

    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:24 AM
Источник

При неудачном подключении к LDAPs  определить причину проблемы со стороны клиента крайне затруднительно по причине «информативности» вывода:

ld = ldap_sslinit("DC.domain", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to DC.domain.

Имея доступ к журналу событий System (Event viewer) на контроллере домена можно определить причину (коих может быть великое множество).
В данной заметке раскажу про часто встречающуюся проблему после конфигурации LDAPS, а именно ошибку аутентификации в Secure Channel (Schannel

Log Name:      System
Source:        Schannel
Date:          21.01.2016 12:28:12
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      DC.domain
Description:
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Проблема заключается в том, что по умолчанию TLS 1.2 отключен на стороне сервера.

Конкретно в Вашем случае отключено может быть что угодно (SSL…,TLS….).

Соединение не удается и следом за Event ID:      36874 следует:

Log Name:      System
Source:        Schannel
Date:          21.01.2016 12:28:12
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      DC.domain
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

Решение

Решением является включение TLS 1.2.

Оперативно это можно выполнить через правку реестра путем создания ключа TLS 1.2ClientDisabledByDefault в ветке реестра HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2ClientDisabledByDefault

Значение ключа DisabledByDefault должно быть выключено (1).

В случае проблем не с TLS 1.2 действия аналогичны. Более подробно параметры реестра для SCHANNEL можно посмотреть здесь.

Источник
  • Remove From My Forums

  • Question

  • Dear all,

    Im exeprence replication errors bettwen site to site replication.

    Error:

    Repadmin can’t connect to a «home server», because of the following error.  Try
    specifying a different
    home server with /homeserver:[dns name]
    Error: An LDAP lookup operation failed with the following error:

        LDAP Error 81(0x51): Server Down
        Server Win32 Error 0(0x0):
        Extended Information:

    This error occurs if I’m connected by the main WAN line (satilite), but if I change to backup line wokrs fine.

    I was in the way to troubleshooting this issue with Netowrk TEAM, and they ask me wich ports are use when replication occurs so they can troubleshoot it.

    I will kindly ask your help and add on this issue and also if you could provide details about all ports and flow of the replication.

    Thanks in advance

Answers

  • Hi,

    You need to check couple of the options to fix this issue.

    1. Check DNS settings on NIC (preferred should be itself if it holds DNS role)

    2. Repadmin /replsum at elivated command prompt. If you notice any errors work on that.

    3. Add Antivirus exceptions for SYSVOL, NTDS folders

    4. Restart Netlogon, DNS and ipconfig /flushdns & ipconfig /registerdns

    5. If none of the above options doesn’t work, provide us ipconfig /all and DCDiag /v logs for better understanding about the issue.

    • Edited by

      Saturday, December 1, 2012 3:06 PM

    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM

  • You have to start that the traffic on your main WAN connection is not filtered. Active Directory ports used for AD replication should be opened in both directions:
    http://technet.microsoft.com/en-us/library/bb727063.aspx

    You can use PortQryUI to check the filtering.

    Of course, you should also check that the routing is correctly set for this connection. This can be checked using ping requests / responses (I suppose that ICMP traffic is not blocked).

    Note also that AD replication behind a NAT device is not supported. That is why you will need to check if one of the routers used or the main WAN connection is using NAT. If it is the case, you will need to disable it (In your case, with a dedicated site
    to site connection, NAT should not be required).

    Of course, dcdiag and repadmin commands should provide you with more details about the issue.

    This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

    • Edited by
      Mr XMVP
      Sunday, December 2, 2012 3:19 PM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:24 AM

При неудачном подключении к LDAPs  определить причину проблемы со стороны клиента крайне затруднительно по причине «информативности» вывода:

ld = ldap_sslinit("DC.domain", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to DC.domain.

Имея доступ к журналу событий System (Event viewer) на контроллере домена можно определить причину (коих может быть великое множество).
В данной заметке раскажу про часто встречающуюся проблему после конфигурации LDAPS, а именно ошибку аутентификации в Secure Channel (Schannel

Log Name:      System
Source:        Schannel
Date:          21.01.2016 12:28:12
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      DC.domain
Description:
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Проблема заключается в том, что по умолчанию TLS 1.2 отключен на стороне сервера.

Конкретно в Вашем случае отключено может быть что угодно (SSL…,TLS….).

Соединение не удается и следом за Event ID:      36874 следует:

Log Name:      System
Source:        Schannel
Date:          21.01.2016 12:28:12
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      DC.domain
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

Решение

Решением является включение TLS 1.2.

Оперативно это можно выполнить через правку реестра путем создания ключа TLS 1.2ClientDisabledByDefault в ветке реестра HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2ClientDisabledByDefault

Значение ключа DisabledByDefault должно быть выключено (1).

В случае проблем не с TLS 1.2 действия аналогичны. Более подробно параметры реестра для SCHANNEL можно посмотреть здесь.

  • Remove From My Forums

  • Question

  • Dear all,

    Im exeprence replication errors bettwen site to site replication.

    Error:

    Repadmin can’t connect to a «home server», because of the following error.  Try
    specifying a different
    home server with /homeserver:[dns name]
    Error: An LDAP lookup operation failed with the following error:

        LDAP Error 81(0x51): Server Down
        Server Win32 Error 0(0x0):
        Extended Information:

    This error occurs if I’m connected by the main WAN line (satilite), but if I change to backup line wokrs fine.

    I was in the way to troubleshooting this issue with Netowrk TEAM, and they ask me wich ports are use when replication occurs so they can troubleshoot it.

    I will kindly ask your help and add on this issue and also if you could provide details about all ports and flow of the replication.

    Thanks in advance

Answers

  • Hi,

    You need to check couple of the options to fix this issue.

    1. Check DNS settings on NIC (preferred should be itself if it holds DNS role)

    2. Repadmin /replsum at elivated command prompt. If you notice any errors work on that.

    3. Add Antivirus exceptions for SYSVOL, NTDS folders

    4. Restart Netlogon, DNS and ipconfig /flushdns & ipconfig /registerdns

    5. If none of the above options doesn’t work, provide us ipconfig /all and DCDiag /v logs for better understanding about the issue.

    • Edited by

      Saturday, December 1, 2012 3:06 PM

    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM

  • You have to start that the traffic on your main WAN connection is not filtered. Active Directory ports used for AD replication should be opened in both directions:
    http://technet.microsoft.com/en-us/library/bb727063.aspx

    You can use PortQryUI to check the filtering.

    Of course, you should also check that the routing is correctly set for this connection. This can be checked using ping requests / responses (I suppose that ICMP traffic is not blocked).

    Note also that AD replication behind a NAT device is not supported. That is why you will need to check if one of the routers used or the main WAN connection is using NAT. If it is the case, you will need to disable it (In your case, with a dedicated site
    to site connection, NAT should not be required).

    Of course, dcdiag and repadmin commands should provide you with more details about the issue.

    This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

    • Edited by
      Mr XMVP
      Sunday, December 2, 2012 3:19 PM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:23 AM
    • Marked as answer by
      Yan Li_
      Thursday, December 6, 2012 2:24 AM

Recently I run into the problem where Exchange return with the error:

“An Active Directory error 0x51 occured when trying to check the suitability of Server…”

Server_Down_01

Weird thing this happened not for all commands. It was somehow randomly, but this caused several issues:

  • prompt for credential (which was the most ugly side effect!)
  • errors in scripts
  • CmdLets didn’t return all values
  • …..


When I first saw this error I had a déjà-vu. Last year I had a very long running case with Microsoft, where I had the very similar errors. But back in time Exchange 2010 on Windows Server 2008 R2 was affected. After several Gigabyte of network and LDAP traces it turned out to be an ICMP issue on the OS level:

The LDAP check is using ICMP to evaluate whether the server is up or down. And there was a bug in the ICMP stack, which result in an 0x51 LDAP error even the server was up and healthy. Read this KB for more information.

But now I started seeing this for Exchange 2013 CU10 on Windows Server 2012 R2.

How bad is it?

First I needed to know if this happens on a few server or on all. Therefore I needed to crawl the event logs across all Exchange servers for the EventID 2070. To speed things up I wrote the following function:

function Collect-Events (){
param(
    [Parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$true,Position=0)]
    [Alias('fqdn')]
    [string] $computername = $env:computername,
    [parameter( Mandatory=$false, ValueFromPipelineByPropertyName=$false,Position=1)]
    [string]$EventID = '2070',
    [parameter( Mandatory=$false, ValueFromPipelineByPropertyName=$false,Position=2)]
    [string]$Eventlog = 'Application',
    [parameter( Mandatory = $false, ValueFromPipelineByPropertyName=$false,Position=3)]
    [DateTime]$StartTime = $((Get-Date).AddHours(-12)),
    [parameter( Mandatory=$false, ValueFromPipelineByPropertyName=$false,Position=4)]
    [ValidateSet("Critical","Error","Warning","Information","Verbose")]
    [string]$Severity
    )
process
    {
        Write-Host "Processing $Computername....."
        If ($Severity) {
        switch ($Severity) {
            "Critical"      {$level = 1}
            "Error"         {$level = 2}
            "Warning"       {$level = 3}
            "Information"   {$level = 4}
            "Verbose"       {$level = 5}
        }
            Get-WinEvent -ComputerName $Computername -FilterHashtable @{logname=$Eventlog;id=$EventID;StartTime=$StartTime;Level=$level} -ErrorAction SilentlyContinue
        }
        Else {
            Get-WinEvent -ComputerName $Computername -FilterHashtable @{logname=$Eventlog;id=$EventID;StartTime=$StartTime} -ErrorAction SilentlyContinue
        }
    }
}

This function has already the correct Event Log(Application) and EventID(2070) predefined. Now you can easily search across your Exchange servers. The following example search for EventID 2070 within the last 2 hours:

$2070 = Get-ExchangeServer | Collect-Events -StartTime (Get-Date).addhours(-2)

It turned out to be a general issue and not only on a few servers. Feel free to use this function to search for different events.

Root cause

After turning on logging for MSExchange ADAccess I could see the servers were heavily using Out-of-Site DC’s and GC’s. Shortly I’ve found the following KB, which explained a lot:

https://support.microsoft.com/kb/3088777

Before you start panic: This is only an issue in larger environments with multiple AD sites! Smaller ones shouldn’t be affected. Just to get an idea: In my case we have over 280 AD sites across the globe and not always the needed network bandwidth and latency, which is in general okay as in our scenario Exchange shouldn’t contact the most of them.

How to fix?

To fix this issue and change the behavior you just have to follow the KB article and edit the file Microsoft.Exchange.Directory.TopologyService.exe.config, and restart the service MSExchangeADTopology.

I have to admin just to restart this service sounds easy, but in the end you have to reboot the server. Not always all depending services could be gracefully restarted with MSExchangeADTopology service.

Conclusion

This change was made in CU6. From Microsoft perspective I understand why the change was made. Cloudwise it makes sense, but for larger on-premise installations this could really cause issue.

I hope this helps someone!

Источник

Hello all, For the last week I’ve been trying to get DFS Replication working to provide failover protection but have thus failed. Here’s my current setup: 

Replicated folder: BENTOWS12 DFSR TESTING FOLDER

Sender 1: PDC: BENTOWS12 folder S:SharesRootShareDFSRBENTOWS12 DFSR TESTING FOLDER 

Sender 2: SecondaryDC: WS12HP folder F:DFSRWS12HP DFSR TESTING FOLDER

ISSUE 1: When you connect to \domain.localDFSR Testing Folder you only see/edit/create files located in BENTOWS12’s testing folder and not in WS12HP testing folder. Looks like DFSR TESTING FOLDER only hooked up 

ISSUE 2: Neither folders sync to one another

Tried running: repadmin /replicate dest-WS12HP source-BENTOWS12 to force replication. But got error: Repadmin can’t connect to a «home server», because of the following error.  Try specifying a different home server with /homeserver:[dns name]

Error: An LDAP lookup operation failed with the following error:

LDAP Error 81(0x51): Server Down

Server Win32 Error 0(0x0):

Looked up the issue and got this article where I followed each step and below are my results

https://social.technet.microsoft.com/Forums/sharepoint/en-US/c49b185d-0690-4aaa-bdf8-013d94341855/ldap-error-810×51-server-down-server-win32-error-00×0?forum=winserverDS

Suggestoins to fix: “LDAP Error 81(0x51): Server Down Server Win32 Error 0(0x0): You need to check couple of the options to fix this issue:

1. Check DNS settings on NIC (preferred should be itself if it holds DNS role)

Right now both machines have themselves as as first entry and each other as second and loopback address as third

2. Repadmin /replsum at elivated command prompt. If you notice any errors work on that.

Ran repadmin /replsummary and got

Replication Summary Start Time: 2016-06-14 17:18:41

Beginning data collection for replication summary, this may take while:

Source DSA          largest delta    fails/total %%   error

 BENTOWS12                 27m:37s    0 /   5    0

 WS12HP                    29m:30s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error

 BENTOWS12                 29m:30s    0 /   5    0

 WS12HP                    27m:37s    0 /   5    0

3. Add Antivirus exceptions for SYSVOL, NTDS folders

No anti virus on these machines or firewall (domain or private

4. Restart Netlogon, DNS and ipconfig /flushdns & ipconfig /registerdns

Done on both machines, ran  repadmin /replicate dest-WS12HP source-BENTOWS12 again and got same error

Источник

  • Ошибка ldap 52 нет данных ошибка win32 55
  • Ошибка ldap 0x3a 58
  • Ошибка lda на лексусе
  • Ошибка lcid при запуске lineage 2
  • Ошибка lba на жестком диске