RE: [ActiveDir] Recursive serach on Root domain failed.

Sat, 25 Jun 2005 15:50:06 -0700

So I am writing a longer note about the history of VLV fixes we’ve thrown at it and why, but haven’t finished yet, and am trying to decide if it is best done in a blog post or an email to this list (it’s 2 pages so far).

 

In the interim, a couple of thoughts….

From the DSID you’re getting, I’d speculate you’re still doing VLV. I don’t know what you’ve tweaked on the Outlook side, but that’s my suspicion. A network sniff (or some more data) would confirm.

However, looking at this more broadly….

 

If you implement this change as your “fix”, you’ll find you need to do this on every client. That might grow old. J

A better fix, assuming 2k3 SP1 DCs (for RTM DCs, you’d need a QFE on them for this, namely a binary from the QFE tree that is Q886683 or later)…..

  1. Fire up adsiedit, crack open the config NC
  2. Expand CN=Directory Service,CN=Windows NT,CN=Services.
  3. Edit CN=Directory Services.
  4. Nav down to msds-Other-Settings. Edit.
  5. In the Value to add box, type, without the quotes: “DisableVLVSupport=1”. Click Add.

Give that a try, let us know how it goes. J

 

~Eric

 

 

 

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Saturday, June 25, 2005 12:54 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Recursive serach on Root domain failed.

 

Thanks for reply :)

 

Yes, i have already followed the link you sepcified. I disable LDAP address-list-browsing functionality in my outlook 2003: the browsing is then disable  -> The list is empty without the Unavailable Critical Extension error message box.

The only way I found to use the LDAP seach with outlook 2003 Exchange MAPI mode is to configure Outlook for searchng LDAP Active Directory first and not the Exchange GAL , and type the sender in the "to... '" field of outlook: Outlook the verify the sender against LDAP AD first and that works. I thought distributing his regkey with GPO in all my users...

 

I Have already installed sp1 for w2k3 a months ago, and no way :(

 

The same problem is reproduced in an other French University.

 

The maxpagesize = the max LDAP page size for the default query policy in my domain is set to a hight value 20000 instead of the default value of 1000.... I wondering if this can be the reason...

 

Cheers,

 

Yann

 

De: [EMAIL PROTECTED] de la part de Robert Williams (RRE)
Date: sam. 25/06/2005 18:25
À: ActiveDir@mail.activedir.org
Objet : RE: [ActiveDir] Recursive serach on Root domain failed.

Try disabling VLV in outlook, you can do that here:

 

820864 You Experience Performance Problems in Outlook 2003 When You Browse an


http://support.microsoft.com/?id=820864



 



If that solves your problem then you might
be hitting a known bug…contact PSS for the hotfix (or install SP1 which I
believe has the fix).



 






Robert
Williams, MCSE NT4/2K/2K3, Security+



Infrastructure Rapid Response Engineer



Northeast Region



Microsoft Corporation



Global Solutions Support
 Center


















From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN

Sent: Saturday, June 25, 2005 9:01
AM

To: ActiveDir@mail.activedir.org

Subject: [ActiveDir] Recursive
serach on Root domain failed.






 









Hello,









 









When I do a LDAP recursive search(with Outlook 2003 in
Exchange 2003 MAPI or php scripts)  througth my root Domain
AD2003 (dc=domain,dc=fr), the search failed with the corresponding error:
"Unavailable Critical Extension".but when I put the complete DN of an
OU (ou=test,dc=domain,dc=fr) then the search worked.









 









When I used Outlook Express configured in  LDAP ,
the recursive search ... worked.









My environnement:Forest
ad2003 raised to windows server 2003 functional level. I did an in place
upgrade from AD 2000 native mode to AD 2003.









 









Curious thing is when i installed fresh domain AD2003 test
(without upgradefrom ad2000) any recursive serach with php, outlook 2003,etc..)
works !!!!









 









So I suspect that i is the migration that causes the problem
but, I didn't know if such request worked before migration :(









 









My network trace between my workstation and any DCs
confirmed the error:









 









LDAP: ProtocolOp = SearchResponse (simple)

        LDAP: Result Code = Unavailable
Critical Extension

        LDAP: Error Message =000020EF:
SvcErr: DSID-031402D0, problem 5010 (UNAVAIL_EXTENSION)

        LDAP: Controls

           LDAP: Sort Response
Control

           LDAP: Criticality = 0
(0x0)

         LDAP: Sort Result Code =
Unwilling to Perform









 









I contacted MS French support and they give the patch
concerning http://support.microsoft.com/kb/841461/en-us, without
success :(









I find this http://support.microsoft.com/kb/842637/en-us that
seems to correspond to my pb but who to put the script to put in my outlook
2003 ? this is in the workaround section 









 









any ideas  ?









 


















Cherrs,









 









Yann

Reply via email to