Sometimes, when updating the RADIUS Plugin or API, or when installing a Replica server, the installer reports an LDAP error after the Mi-Token AD LDS database has been defined. The installer proceeds to stop the AD LDS services and import the schema, and the LDAP-related error arises at that moment.


Some causes are:

LDAP services are unavailable

Network communication or services required for replication are off

The master server is not done synchronizing with the other replicas


It is possible that the replication is unfinished because of other factors between the master and the replica, for example the error related to the message:


This server is the owner of the following FSMO role, but does not consider it valid

In this scenario, after an unexpected server restart or a major MS Windows Update, the FSMO holder (master) Mi-Token server is no longer replicating the schema to the replicas. This condition must be fixed so that the servers synchronize with each other before they can be updated or a new replica can be installed. It may also impede the uninstall of a replica server that is no longer required: if the replication is not working properly, the uninstaller will be unable to remove the Mi-Token software from the server.
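A pre-install check covering the three causes listed above and the FSMO ownership condition, as an added PowerShell example that is not Mi-Token's own tooling. The instance name, host names and LDAP port are placeholders (assumptions), and the script assumes the RSAT ActiveDirectory module and `repadmin` are available on the machine where it runs.

```powershell
# Added example. Placeholders below are assumptions, not values from this article.
$InstanceName = 'MiTokenInstance'      # hypothetical AD LDS instance name
$LdapPort     = 50000                  # assumed LDAP port of the instance
$Servers      = 'mt-master.example.local', 'mt-replica1.example.local'  # constructed

Import-Module ActiveDirectory          # RSAT AD module; also works against AD LDS

# Cause 1: LDAP service unavailable (AD LDS services are named ADAM_<instance>)
$svc = Get-Service -Name "ADAM_$InstanceName" -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    Write-Warning "Local AD LDS service ADAM_$InstanceName is not running"
}

$owners = foreach ($s in $Servers) {
    $ep = "${s}:$LdapPort"

    # Cause 2: network path to the LDAP port is blocked or the host is down
    $tcp = Test-NetConnection -ComputerName $s -Port $LdapPort -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { Write-Warning "$ep unreachable"; continue }

    # Cause 3: replication not finished; report inbound links with failures
    repadmin /showrepl $ep /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        ForEach-Object {
            Write-Warning ("{0}: {1} from {2} failing, status {3}" -f $ep,
                $_.'Naming Context', $_.'Source DSA', $_.'Last Failure Status')
        }

    # This server's view of the schema master and naming master owners
    $root = Get-ADRootDSE -Server $ep
    [pscustomobject]@{
        Server = $s
        Schema = (Get-ADObject -Server $ep -Identity $root.schemaNamingContext -Properties fSMORoleOwner).fSMORoleOwner
        Naming = (Get-ADObject -Server $ep -Identity "CN=Partitions,$($root.configurationNamingContext)" -Properties fSMORoleOwner).fSMORoleOwner
    }
}

$owners | Format-Table -AutoSize
# Every server should name the same owner for each role
foreach ($role in 'Schema', 'Naming') {
    if (@($owners.$role | Sort-Object -Unique).Count -gt 1) {
        Write-Warning "$role master: servers disagree on the role owner"
    }
}
```

The script only reads state. A warning from any of the checks means the update, replica install or uninstall should wait until replication is healthy again.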


See this article for fixing the "owner of the FSMO roles" error.


Transfer or seize FSMO roles - Windows Server | Microsoft Docs 


Documentation of the roles subcommand of the dsmgmt tool:


roles | Microsoft Docs 


Sample output of role seizing: