Eric,
For the Outlook Side, when added the value
"DisableVLVBrowsing"=dword:00000001" per workstations, the browsing did not show
any users as u stated (blank list). Without the RegValue, the error "Unavailable
Critical Extension" appears with, again, no users showing in the browsing list.
So the regkey seems to disable the VLV feature at the client side BUT without
showing any users :(
I found a way to LDAP search in my AD by contourning this problem
:)
With your regkey set in the configuration partition,that resolve
definitively my pb, the browsing in Outlook 2003 works.
And at the time of writing, i tested the ldap browsing in 10 worstations
that have outlook 2003 in LDAP, and that works, whereas they did not work before
and with the same error !!
All the outlook i've installed have all the necessary binaries, have
all the last pacthes :)
I
will forward u the network trace of the php search.
Thanks for help :)
PS: let us know when u will publish a KB on the VLV feature please
:)
Yann De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Eric Fleischman Envoyé : lundi 27 juin 2005 10:46 À : ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Recursive serach on Root domain failed. Can you take a network
sniff of the PHP scripts failing? I suspect they are just
blindly doing VLV, not actually checking if the DC they are talking to supports
it. The mod you made below will remove the VLV OID from supportedCapabilities
such that people that look for it wont find it. If the PHP scripts just use VLV
w/o first checking, theyll still fail (though Id argue while what we did isnt
ideal, what they would be doing is just as bad if not worse, because you
shouldnt use something like VLV w/o first checking that the DSA supports
it). I dont really know
what that Outlook thing you tried does from the Outlook side, Im an AD guy, not
an Outlook guy. Ive been told by people that I know that it just disables the
attempt to use VLV, but there might the caveats they didnt mention. Maybe you
dont have a late enough Outlook binary that understands it. Maybe you didnt do
the magic DisableVLVBrowsing dance. I dont know. As I mentioned before,
Im doing a write-up of this which Ill probably blog. Ill post to this list
with a link to that post when I do it, probably soon, but I have a few other
things I need to do first Im afraid. ~Eric From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of TIROA
YANN ERIC !!! You're the BEST !!! THAT
WORKS FINE !!!!!! I have never found the solution of
my problem for one year :( For oulook 2003, the search
succeeded thanks to your Value added with adsiedit, and it works better
than the [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\LDAP]
"DisableVLVBrowsing"=dword:00000001" added per workstations
!!! But I noticed that for php scripts,
the error still remaining... any thoughts ? Thank u very much eric for the
invaluable help u provided me :-) Cheers, Yann De :
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
De la part de Eric
Fleischman So I am writing a
longer note about the history of VLV fixes weve thrown at it and why, but
havent finished yet, and am trying to decide if it is best done in a blog post
or an email to this list (its 2 pages so far). In the interim, a
couple of thoughts
. From the DSID youre
getting, Id speculate youre still doing VLV. I dont know what youve tweaked
on the Outlook side, but thats my suspicion. A network sniff (or some more
data) would confirm. However, looking at
this more broadly
. If you implement this
change as your fix, youll find you need to do this on every client. That
might grow old. J A better fix, assuming
2k3 SP1 DCs (for RTM DCs, youd need a QFE on them for this, namely a binary
from the QFE tree that is Q886683 or later)
..
Give that a try, let us
know how it goes. J ~Eric From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of TIROA
YANN Thanks for reply
:) Yes, i have already
followed the link you sepcified. I disable LDAP address-list-browsing
functionality in my outlook 2003: the browsing is then disable
-> The list is empty without the Unavailable Critical
Extension error message
box. The only way I found
to use the LDAP seach with outlook 2003 Exchange MAPI mode is to configure
Outlook for searchng LDAP Active Directory first and not the Exchange GAL , and
type the sender in the "to... '" field of outlook: Outlook the verify the
sender against LDAP AD first and that works. I thought distributing his regkey
with GPO in all my users... I Have already installed sp1 for
w2k3 a months ago, and no way :( The same problem is reproduced in an
other The maxpagesize = the max LDAP page
size for the default query policy in my domain is set to a hight value 20000
instead of the default value of 1000.... I wondering if this can be the
reason... Cheers, Yann De:
[EMAIL PROTECTED] de la part de Robert Williams
(RRE) Try disabling VLV in
outlook, you can do that here: 820864 You Experience Performance Problems in Outlook 2003 When You Browse an
http://support.microsoft.com/?id=820864 If that solves your
problem then you might be hitting a known bug
contact PSS for the hotfix (or
install SP1 which I believe has the fix). Robert
Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response
Engineer Northeast
Region Microsoft Corporation Global From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of TIROA
YANN Hello, When I do a LDAP recursive
search(with Outlook 2003 in Exchange 2003 MAPI or php scripts)
througth my root Domain AD2003 (dc=domain,dc=fr), the search failed with
the corresponding error: "Unavailable Critical Extension".but when I put the
complete DN of an OU (ou=test,dc=domain,dc=fr) then the search
worked. When I used Outlook
Express configured in LDAP , the recursive search ...
worked. My environnement: Curious thing is when i installed
fresh domain AD2003 test (without upgradefrom ad2000) any recursive serach with
php, outlook 2003,etc..) works !!!! So I suspect that i is the migration
that causes the problem but, I didn't know if such request worked before
migration :( My network trace between my
workstation and any DCs confirmed the error: LDAP: ProtocolOp = SearchResponse
(simple) I contacted MS French support and
they give the patch concerning http://support.microsoft.com/kb/841461/en-us, without
success :( I find this http://support.microsoft.com/kb/842637/en-us that
seems to correspond to my pb but who to put the script to put in my outlook 2003
? this is in the workaround section any ideas
? Cherrs, Yann |
- RE: [ActiveDir] Recursive serach on Root domain failed. TIROA YANN
- RE: [ActiveDir] Recursive serach on Root domain faile... Haaker, Chris
- RE: [ActiveDir] Recursive serach on Root domain faile... Eric Fleischman