Event Id | 8341 |
Source | MSADC |
Description | ADC cannot replicate to Exchange 5.5. because, on this server, LDAP Client Integrity is set to 2 (always sign.) Exchange 5.5 does not support LDAP signing. To allow this server to connect to 5.5., set the registry key registry_subkey to 0 (never sign) or 1 (sign if possible) value |
Event Information | According to Microsoft: CAUSE: This issue may occur if the following conditions are true: 1. The computer that initiates the LDAP connection to the Exchange Server 5.5 computer is running Microsoft Windows 2000 Service Pack 3 or a later version of Microsoft Windows. 2. The LdapClientIntegrity registry entry on the computer that initiates the LDAP connection is set to a value of 2. A value of 2 indicates that LDAP signing and sealing is "always on". Exchange Server 5.5 does not support LDAP signing. Therefore, the LDAP connection fails when it tries to negotiate a signed session with the Exchange Server 5.5 computer. RESOLUTION: To resolve this issue, change the value of the LdapClientIntegrity registry entry on the computer that initiates the LDAP connection. You can configure the value of the LdapClientIntegrity registry entry so that LDAP either never signs or signs if requested. To do this, follow these steps: 1. Click Start, click Run, type regedit in the Open box, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap a. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services b. On the Edit menu, point to New, and then click Key. c. Type ldap as the subkey name, and then press ENTER. d. Right-click ldap, point to New, and then click DWORD Value. e. Type LdapClientIntegrity as the entry name, and then press ENTER. 3. In the right pane, right-click LdapClientIntegrity, and then click Modify. 4. In the Value data box, type one of the following values: a. Type 0 if you do not want LDAP to use signing. b. Type 1 if you want LDAP to automatically use signing against supported servers but to permit fallback to a non-signed session if you cannot establish signing. 5. Quit Registry Editor. 6. Restart the computer. |
Reference Links | The LDAP connection may stop responding and ADC event ID 8341 may be logged when your computer initiates an LDAP session to a computer that is running Exchange Server 5.5 Exchange (MSADC) |
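
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the Microsoft article or the original page: it reads the current LdapClientIntegrity value and provides a function that creates the ldap subkey and entry if they are missing. The function names are hypothetical, and the script assumes an elevated prompt on the computer that initiates the LDAP connection.

```powershell
# Added example (not from the original page). Function names are hypothetical.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\ldap'
$ValueName = 'LdapClientIntegrity'

function Get-LdapClientIntegrity {
    # Returns the current DWORD, or $null when the subkey or entry is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-LdapClientIntegrity {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1)]   # the two values offered in step 4 of the resolution
        [int]$Value
    )
    # Steps 2a-2c: create the ldap subkey if it does not exist.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # Steps 2d-4: create or overwrite the DWORD entry.
    New-ItemProperty -Path $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null
}

# Audit first: report the current setting before changing anything.
$current = Get-LdapClientIntegrity
if ($null -eq $current) {
    'LdapClientIntegrity is not present under Services\ldap.'
} elseif ($current -eq 2) {
    'LdapClientIntegrity = 2 (always sign): the condition named in event 8341.'
} elseif ($current -eq 1) {
    'LdapClientIntegrity = 1 (sign if possible).'
} elseif ($current -eq 0) {
    'LdapClientIntegrity = 0 (never sign).'
} else {
    "LdapClientIntegrity = $current (not a value described in the article)."
}

# To apply step 4b (sign against supported servers, fall back otherwise),
# uncomment the next line, then restart the computer (step 6):
# Set-LdapClientIntegrity -Value 1
```

Of the two values the resolution offers, 1 still signs sessions with servers that support it, whereas 0 turns signing off for every LDAP connection the computer initiates.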