LDAP Bind Unsuccessful - Microsoft Exchange

This is a discussion on LDAP Bind Unsuccessful - Microsoft Exchange ; On Tue, 11 May 2004 06:26:46 +0400, "doognukem" <kingdjango@msn.com> wrote: >So let me get this straight. I actaually have an exchange server setup as a >frontend server for 2 other servers that are serving as Information Stores. >On my external ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 11 to 14 of 14

LDAP Bind Unsuccessful

  1. Default Re: LDAP Bind Unsuccessful

    On Tue, 11 May 2004 06:26:46 +0400, "doognukem" <kingdjango@msn.com>
    wrote:

    >So let me get this straight. I actaually have an exchange server setup as a
    >frontend server for 2 other servers that are serving as Information Stores.
    >On my external SMTP connector for the routing group I have a local
    >bridgehead server configured. So from what you are saying I should not call
    >out a local bridgehead server at all. I dont have any remote sites either.
    >Do I understand that correctly or am I missing something?


    Sorry, I think we're on a completely different topic..

    ---

    Dave Howe
    Microsoft PSS

    This posting is provided "AS IS" with no warranties, and confers no rights.

  2. Default Re: LDAP Bind Unsuccessful

    On Mon, 10 May 2004 15:28:38 -0700, "Boris Lokhvitsky"
    <msexpert@comcast.net> wrote:

    >WOW Dave, you da man
    >
    >Thank you VERY MUCH for this terrific post. I suppose I will have an
    >exciting reading until at least the end of the day Maybe I will return
    >with some more buzzing sounds then, though
    >
    >My DEEPEST respect,
    >Boris
    >
    >P.S. Both NetMon and Ethereal are my favorite tools, too I will run a
    >couple of captures to dig deeper into what you've said.
    >THANKS!!!


    No problem! Actually a coworker corrected me on one thing I forgot to
    mention. If Exchange is installed on a GC, then if the GC role
    becomes unresponsive, Exchange will fail to use any of the other
    available Global Catalogs. You have to restart the Exchange services
    to get it to use anything other than itself. Also, Exchange should
    not be installed on simply a DC, instead make it a GC. Global
    Catalogs support NSPI, which is used for Outlook name lookup requests.
    Domain Controllers do not support NSPI.

    Granted, later versions of Outlook use RFR (referral, allowing Outlook
    to talk directly to a GC) by default, but all initial calls are made
    via NSPI, regardless of Outlook version.

    ---

    Dave Howe
    Microsoft PSS

    This posting is provided "AS IS" with no warranties, and confers no rights.

  3. Default Re: LDAP Bind Unsuccessful

    Yeah, this question was more about the MS recommendation to NOT assign a
    bridgehead server role explicitly unless it is absolutely necessary. (There
    was a MS KB article quoted which mantioned that). Means, Exchange should
    decide for itself what servers to use for routing.

    Boris


    "Dave Howe [MSFT]" <daveh@online.microsoft.com> wrote in message
    news:kvv1a05jjip972rlbimsdehn28m6l48bcv@4ax.com...
    > On Tue, 11 May 2004 06:26:46 +0400, "doognukem" <kingdjango@msn.com>
    > wrote:
    >
    > >So let me get this straight. I actaually have an exchange server setup

    as a
    > >frontend server for 2 other servers that are serving as Information

    Stores.
    > >On my external SMTP connector for the routing group I have a local
    > >bridgehead server configured. So from what you are saying I should not

    call
    > >out a local bridgehead server at all. I dont have any remote sites

    either.
    > >Do I understand that correctly or am I missing something?

    >
    > Sorry, I think we're on a completely different topic..
    >
    > ---
    >
    > Dave Howe
    > Microsoft PSS
    >
    > This posting is provided "AS IS" with no warranties, and confers no

    rights.



  4. Default Re: LDAP Bind Unsuccessful

    We have a similar problem with Exchange 2003 and two DC servers 2003. But in
    our case the servers are supposed to be up and running

    We suddenly noticed a problem in the discovery of the topology that happens
    every so often. The topology was lost, and the services were going down, to
    be back again after 15 minutes.

    I increased the topology discovery time from the default of 60 seconds to
    600 seconds (see here
    http://support.microsoft.com/default...s;312859&sd=ee ) but I
    am still getting the same errors.

    Worth pointing out that one of the DC servers gives this status during the
    topology discovery checking cycle.

    ---------------------

    Event Type: Information

    Event Source: MSExchangeDSAccess

    Event Category: Topology

    Event ID: 2080

    Date: 30/6/2004

    Time: 12:43:29 ??

    User: N/A

    Computer: SUMAIL2

    Description:

    Process MAD.EXE (PID=1904). DSAccess has discovered the following servers
    with the following characteristics:

    (Server name | Roles | Reachability | Synchronized | GC capable | PDC |
    SACL right | Critical Data | Netlogon | OS Version)

    In-site:

    sudc1.XXX.com CDG 7 7 1 0 1 1 7 1

    sumanagement.XXX.com CD- 0 0 0 0 0 0 0 0

    Out-of-site



    -----------------------

    I also have loads of errors in LDAP bindings, failures to detect that the DC
    is up and running.

    Please help - I am getting really desperate!

    Regards,



    Dimitris




    -----------------
    ------------------
    START OF ISSUES, RELATED KB ARTICLES
    ------------------
    -----------------
    1.

    Details

    Product:
    Exchange

    ID:
    9176

    Source:
    MSExchangeSA

    Version:
    6.5.0000.0

    Message:
    NSPI Proxy can contact Global Catalog %1 but it does not support the
    NSPI
    service. After a Domain Controller is promoted to a Global Catalog,
    the
    Global Catalog must be rebooted to support MAPI Clients. Reboot %2 as
    soon as possible.



    Explanation

    This Event indicates that the Exchange Server was able to contact a
    server that is designated to be a Global Catalog (GC) Server but did
    not get a response from the NSPI interface on that GC.
    This can happen because the Name Service Provider Interface (NSPI)
    interface is not advertised by the Global Catalog server, possibly
    because the server was made a Global Catalog and was not restarted.



    User Action

    After a Domain Controller (DC) is made a GC, the GC must be rebooted
    to support MAPI clients. To ensure that a GC responds to NSPI queries,
    restart the GC.





    Version:
    6.5.6940.0

    Component:
    Microsoft Exchange System Attendant

    Message:
    NSPI Proxy can contact Global Catalog <server name> but it does not
    support the NSPIservice. After a Domain Controller is promoted to a
    Global Catalog, theGlobal Catalog must be rebooted to support MAPI
    Clients. Reboot <server name> assoon as possible.



    Explanation

    This event indicates that the Exchange server was able to contact a
    server that is designated to be a global catalog server but did not
    get a response from the Name Service Provider Interface (NSPI) on that
    global catalog. This can occur because the NSPI is not advertised by
    the global catalog server, possibly because the server was made a
    global catalog and was not restarted.



    User Action

    After a domain controller is made a global catalog, the global catalog
    must be rebooted to support MAPI clients. To ensure that a global
    catalog responds to NSPI queries, restart the global catalog.










    2.

    Details

    Product:
    Exchange

    ID:
    9143

    Source:
    MSExchangeSA

    Version:
    6.5.6940.0

    Component:
    Microsoft Exchange System Attendant

    Message:
    Referral Interface cannot contact any Global Catalog that supports
    the NSPI Service.Clients making RFR requests will fail to connect
    until a Global Catalog becomes available again.After a Domain
    Controller is promoted to a Global Catalog, it must be rebooted to
    support MAPI Clients.



    Explanation

    This event indicates that the Referral Interface on the Exchange
    server was unable to contact a global catalog server.



    User Action

    Make sure that at least one global catalog server is available for the
    Exchange server to communicate with. If a domain controller has
    recently been promoted to be a global catalog, you will need to reboot
    that machine in order for Exchange server to use it.






    3.



    Details

    Product:
    Exchange

    ID:
    9074

    Source:
    MSExchangeSA

    Version:
    6.5.0000.0

    Message:
    The Directory Service Referral interface failed to service a client
    request.
    RFRI is returning the error code:[0x%1].



    Explanation

    This Event basically states that the DSPROXY component of the System
    Attendant Service on the Exchange server failed to service a client
    request. This failure could be because of issues ranging from failed
    network connectivity to permissions problems.
    The following are the most probable causes of this event. Also, search
    the Microsoft Knowledge Base for further information:

    1. The primary network adapter in a multihomed domain controller
    may not have File and Printer Sharing for Microsoft Networks bound to
    it.

    2. The Manage Auditing and Security Log right
    (SeSecurityPrivilege) may have been removed for the Exchange
    Enterprise Servers domain local group on some or all of the domain
    controllers.

    3. The File Replication Service (FRS) may not successfully
    replicate an updated security policy to one or more domain
    controllers.



    User Action

    1. Change the binding order of the network adapters so that the
    adapter that is listed at the top of the Connections list has file and
    printer sharing bound to it.

    2. Use the Policytest.exe utility to check the status of the
    SeSecurityPrivilege right on all of the domain controllers in a single
    domain. The Policytest.exe utility is included on the Exchange
    installation CD-ROM. If the SeSecurityPrivilege has been removed from
    the Exchange Enterprise Servers group, you can grant the right
    directly to the Exchange Enterprise Servers group, or you can run
    Exchange Setup again with the /domainprep switch to grant the
    SeSecurityPrivilege right automatically.

    3. Ensure that replication between DCs is occurring properly.





    Version:
    6.5.6940.0

    Component:
    Microsoft Exchange System Attendant

    Message:
    The Directory Service Referral interface failed to service a client
    request.RFRI is returning the error code:[0x<error code>].



    Explanation

    This event basically states that the DSPROXY component of the System
    Attendant Service on the Exchange server failed to service a client
    request. This failure could be because of issues ranging from failed
    network connectivity to permissions problems.

    The following are the most probable causes of this event:

    The primary network adapter in a multihomed domain controller may not
    have File and Printer Sharing for Microsoft Networks bound to it.
    The Manage Auditing and Security Log right (SeSecurityPrivilege) may
    have been removed for the Exchange Enterprise Servers domain local
    group on some or all of the domain controllers.
    The File Replication Service (FRS) may not have successfully
    replicated an updated security policy to one or more domain
    controllers.
    Also, search the Microsoft Knowledge Base for further information.



    User Action

    Change the binding order of the network adapters so that the adapter
    listed at the top of the Connections list has file and printer sharing
    bound to it.
    Use the Policytest.exe utility to check the status of the
    SeSecurityPrivilege right on all of the domain controllers in a single
    domain. The Policytest.exe utility is included on the Exchange
    installation CD-ROM. If the SeSecurityPrivilege has been removed from
    the Exchange Enterprise Servers group, you can grant the right
    directly to the Exchange Enterprise Servers group, or you can run
    Exchange Setup again with the /domainprep switch to grant the
    SeSecurityPrivilege right automatically.
    Ensure that replication between domain controllers is occurring
    properly.




    ----------------------------------------------------------------------------
    ----


    Related Knowledge Base articles


    You can find additional information on this topic in the following
    Microsoft Knowledge Base articles:


    . XADM: Event ID 9074 and 2070 Messages Occur When You Run the System
    Attendant


    When you try to run the system attendant, it does not start, and
    Microsoft Outlook clients cannot log on to the Exchange 2000 server.
    The following event ID messages are logged in the Application event
    log: Event Type: Error Event Source: MSExchangeSA...


    . XADM: Exchange 2000 Server Reports MSExchangeSA 9074


    Microsoft Outlook clients that try to send messages or view the
    Global Address List (GAL) may receive one of the following error
    messages: Network problems are preventing connection to the Microsoft
    Exchange Server computer. Contact your system...


    . XADM: Policytest Utility Returns 'Right NOT Found' Result


    You may experience one or more of the following symptoms: You may
    receive the following results after you run the Policytest utility
    (Policytest.exe): ================================================
    Local domain is "<example>.com" (EXAMPLE) Account...


    . XADM: Exchange 2000 Error Messages Are Generated Because of
    SeSecurityPrivilege Right and Policytest Issues


    You may not be able to mount Exchange 2000 information store
    databases. One or more of the following error messages may also be
    logged in the Application event log: Event Type: Error Event Source:
    MSExchangeDSAccess Event Category: (3) Event ID: 2102...








    4.

    Details

    Product:
    Exchange

    ID:
    8026

    Source:
    MSExchangeAL

    Version:
    6.0

    Component:
    Active Directory Connector

    Symbolic Name:
    MSG_LDAP_BIND_ERROR

    Message:
    LDAP Bind was unsuccessful on directory {directory name} for
    distinguished name '{value}'. Directory returned error:[0x{error
    code}] {error message}. {connection agreement name}



    Explanation

    Lightweight Directory Access Protocol (LDAP) allows you to query and
    manage directory information using a TCP/IP connection.



    User Action

    Check network connectivity. Verify the user name, password, and port
    address are correct, and try again. If the problem persists, verify
    that the remote Exchange server is configured to support LDAP.





    Version:
    6.5.6940.0

    Component:
    Microsoft Exchange Recipient Update Service

    Message:
    LDAP Bind was unsuccessful on directory <directory name> for
    distinguished name '<value>'. Directory returned error:[0x<error
    code>] <error message>. <connection agreement name>



    Explanation

    Lightweight Directory Access Protocol (LDAP) allows you to query and
    manage directory information using TCP/IP. This event indicates that
    an LDAP connection failed. The error code/error message will indicate
    the underlying cause.



    User Action

    Check network connectivity. Verify that the user name, password, and
    port address are correct, and try again. If the problem persists,
    verify that the remote Exchange server is configured to support LDAP.




    ----------------------------------------------------------------------------
    ----


    Related Knowledge Base articles


    You can find additional information on this topic in the following
    Microsoft Knowledge Base articles:


    . XADM: Event 8026 and Event 8260: Can't Access Address List
    Configuration


    After you run dcpromo to demote a domain controller (DC) in your
    domain, the Exchange 2000 MSExchangeAL service starts to log an Eevent
    8026 and an Event 8260 every 10 minutes. The events are as follow:
    Event ID: 8026 Event Type: Error Event Source:...


    . Event ID 8026 Is Logged in Event Viewer After You Install Small
    Business Server


    After you install Microsoft Windows Small Business Server 2003, the
    following event is logged in the event log of Event Viewer:
    EventCode=8026 Source=MSExchangeAL Type=Error LogFile=Application
    LastBuild=2436 #Times=1 Scenario=Clean Installation...








    5.

    Details

    Product:
    Exchange

    ID:
    2103

    Source:
    MSExchangeDSAccess

    Version:
    6.5.0000.0

    Message:
    Process %1 (PID=%2). All Global Catalog Servers in use are not
    responding:

    %3



    Explanation

    This event indicates that DSAccess was not able to find any Global
    Catalogs suitable for LDAP queries. This can result in the halting of
    mail flow and interruption of Address Book services, so it should be
    investigated immediately.
    Causes can include all intra- and extra-site Global Catalogs being
    down or network problems hindering communication with them.



    User Action

    One possibility is that DSAccess could not find any suitable Global
    Catalogs when it did its initial topology discovery (whenever DSAccess
    starts, such as at Exchange server boot-up).
    In this case, check the event log for DSAccess event ID 2080 (may need
    to increase the DSAccess logging level to record this event). The
    detail in that event will allow one to determine if GCs have been
    contacted that are unsuitable for some reason. They can then be
    corrected.

    Another possibility is that GCs already in use have become unsuitable
    (for example, by having lost contact due to network problems, LDAP
    port problems, etc.). Look for DSAccess event ID 2070 in the event
    logs. These events will detail why each GC has become unsuitable.
    Correct as necessary.





    Version:
    6.5.6940.0

    Component:
    Microsoft Exchange Directory Access Service

    Message:
    Process <process name> (PID=<process id>). All Global Catalog Servers
    in use are not responding:
    <fully qualified domain name>



    Explanation

    This event indicates that DSAccess was not able to find any global
    catalogs suitable for Lightweight Directory Access (LDAP) queries.
    This can result in the halting of mail flow and interruption of
    Address Book services, so it should be investigated immediately.

    Causes can include all intra- and extra-site global catalogs being
    down or network problems hindering communication with them.



    User Action

    One possibility is that DSAccess could not find any suitable global
    catalogs when it did its initial topology discovery (whenever DSAccess
    starts, such as at Exchange server boot-up).

    In this case, check the event log for DSAccess Event ID 2080 (may need
    to increase the DSAccess logging level to record this event). The
    detail in that event will allow one to determine if global catalogs
    have been contacted that are unsuitable for some reason. They can then
    be corrected.

    Another possibility is that global catalogs already in use have become
    unsuitable (for example, by having lost contact due to network
    problems, LDAP port problems, and so on). Look for DSAccess Event ID
    2070 in the event logs. These events will detail why each global
    catalog has become unsuitable. Correct as necessary.




    ----------------------------------------------------------------------------
    ----


    Related Knowledge Base articles


    You can find additional information on this topic in the following
    Microsoft Knowledge Base articles:


    . Exchange System Attendant Does Not Start and You Receive a "Global
    Catalog Servers Not Responding" Error Message


    After you install Exchange 2000 or Exchange 2003 successfully, the
    Microsoft Exchange System Attendant service may not start, and you may
    receive the following error message: Event Type: Error Event Source:
    MSExchangeDSAccess Event ID: 2103 Computer:...


    . Event ID 2080 from MSExchangeDSAccess


    In Exchange 2000 Service Pack 2 (SP2) and Exchange 2003, DSAccess (a
    Directory Service Access component) generates a topology detection
    event in the Exchange 2000 or the Exchange 2003 server application
    log. This article describes how you can use the...


    . XADM: Policytest Utility Returns 'Right NOT Found' Result


    You may experience one or more of the following symptoms: You may
    receive the following results after you run the Policytest utility
    (Policytest.exe): ================================================
    Local domain is ".com" (EXAMPLE) Account...



    -----------------
    ------------------
    END OF ISSUES, RELATED KB ARTICLES
    ------------------
    -----------------



+ Reply to Thread
Page 2 of 2 FirstFirst 1 2

Similar Threads

  1. LDAP bind error
    By Application Development in forum RUBY
    Replies: 2
    Last Post: 10-08-2007, 07:26 AM
  2. Installation of cab was unsuccessful
    By Application Development in forum DOTNET
    Replies: 4
    Last Post: 02-06-2007, 12:08 PM
  3. Unsuccessful with Nant and xmlpoke method
    By Application Development in forum DOTNET
    Replies: 0
    Last Post: 11-23-2005, 05:29 PM
  4. Authenticate using LDAP bind to AD from Web page
    By Application Development in forum Microsoft Exchange
    Replies: 0
    Last Post: 06-15-2004, 02:08 PM
  5. LDAP JNDI, how can I read the LDAP schema???
    By Application Development in forum Java
    Replies: 0
    Last Post: 11-29-2003, 12:50 AM