XIMS: Exchange Server 5.5 LDAP Service Running on Windows 2000

ID: Q232606

The information in this article applies to:

Microsoft Exchange Server, version 5.5

SYMPTOMS

When Exchange Server is installed on a Windows 2000 domain controller, the Exchange Server directory service has no way to use a non-default port (636) for LDAP Secure Sockets Layer (SSL) communication. The following error may be found in the event log:

Event ID: 1309
Type: Error
Source: MSExchangeDS
Description: Register LDAP SSL protocol failed with error 10048. The LDAP SSL server is not available. Make sure port number 636 is not used by another application.

CAUSE

This problem occurs when Exchange Server is running on a system that already has a Directory service using this port. This will occur when Exchange Server is installed on a Windows 2000 domain controller.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Microsoft Exchange Server version 5.5 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or later:

Component: Directory

File name	Version
Dsamain.exe	5.5.2617.0

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

WORKAROUND

If you set the Incoming-Msg-Size-Limit attribute to, for example 637, using the Exchange Server Administrator program in raw mode, you can effectively change the port used by the Exchange Server LDAP SSL service for listening. To do so:

WARNING: Using the raw mode of the Exchange Server Administrator program (admin /r) incorrectly can cause serious problems that may require you to reinstall Microsoft Windows NT Server and/or Microsoft Exchange Server. Microsoft cannot guarantee that problems resulting from the incorrect use of raw mode can be solved. Use raw mode at your own risk.

Start the Microsoft Exchange Server Administrator program in raw mode by typing the following at a command prompt:

c:\exchsrvr\bin\admin /r

Select the Protocols container of the Site or Server depending on the scope of this setting.

Select the LDAP component.

On the File menu, click Raw Properties.

In the List Attributes of Type drop-down box, select All.

In the Object Attributes list, scroll down to the Incoming-Msg-Size-Limit attribute, and select it.

In the Edit Value text box, type the port you want to use.

Click the Set button. After doing this, make sure the Edit Value and Attribute Value are the same.

Click OK to close the dialog box.

Stop and restart the Exchange Server Directory service.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5.

Additional query words:


Keywords          : exc55 
Version           : winnt:5.5
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: July 23, 1999