"Unavailable critical extension" error in Outlook when accessing an Windows 2003 LDAP directory

When I trying to access our LDAP directory using MS Outlook 2002 or 2003 I recieve the following error:  "Unavailable critical extension" and then "the action could not be completed".  After these errors it allow me to search the LDAP directory.

The problem does not happen with Outlook Express, Netscape or any other client to my knowledge, only Outlook.  We are using ADAM (active directory in application mode) as our ldap server.  The problem is not machine specific as it appears to occur on any machine running Outlook.

On a side note:  Our ldap directory contains approx. 15,000 names.  I believe the problem begain occuring sometime after 10,069 names.  I'm not sure if it's some kind of limitation or if there is a configuration problem on the ldap server.  As I said before it only occurs using outlook.
 
Any thoughts on what is causing the problem and how to fix it?
sethmiller75Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
acsevenConnect With a Mentor Commented:
Hi,

  though I don't know about the issue, here's some reading at the openldap site (keep going through the follow-ups):

http://www.openldap.org/lists/openldap-software/200408/msg00293.html

hope this helps
0
 
sethmiller75Author Commented:
Thanks for the link (already been there though).  That was about the closest thing I could find on Google but, I don't know that it specifically applies to ADAM Ldap.  They mention turning off "pagedresults" but,  Is there such a setting in ADAM?  If so could somebody tell me where to find it?  Working with ADSI edit is about 20 times worse than editing the registry.

Thanks
0
 
sethmiller75Author Commented:
Does anyone have an idea as to what may be causing this?
0
 
sethmiller75Author Commented:
I guess I'll answer My own question.  Do I get my points back?  Anyhoo...

The problem was caused by the fact that later versions of Outlook try to enumerate the entire directory on connection.  The default setting on the ADAM  LDAP server limits the search query to a maximum of 10,000 names.  If number of LDAP entries exceeds that, Outlook will generate an error.

There are two fixes-

One is to make a registry change on the client machine which will remove the error:
Open regedit and and browse to: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\
(if you've got office 2002 it will be (10.0) not (11.0)
Add new key, name it "LDAP"
Next add a Dword, name it "DisableVLVBrowsing" and set the value to "1" (don't actually add the quotes on either).
So what you have is [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\LDAP]"DisableVLVBrowsing"=dword:00000001
Now reboot (or it wont work).

The second solution (probably the better of the 2 depending on your directory size) is to change the maximum number of results ADAM will desplay AKA "MaxTempTableSize".  The default is 10,000.
On the LDAP server open "ADAM tools" and at the command prompt type "dsmgmt" (use /? to show the commands and quit to back up)
at  dsmgmt: type "ldap pol"
at ldap policy: type "connections"
at connections: type "connect to server servername:389" (where servername is the name of your ldap server)
it should say binding to server etc...
at connections: type "quit"
at ldap policy: type "list" (you should see MaxTempTableSize listed.  type "show value" to see the current value)
at ldap policy: type "Set MaxTempTableSixe to 20000" (or whatever value you want).
at ldap policy type "commit changes"
That's it type quit several times or do a "show value" to take a look at the new value.
(Here's what it looks like)

C:\WINDOWS\ADAM>dsmgmt
dsmgmt: ldap pol
ldap policy: connections
server connections: connect to server avsmtp1:389
Binding to avsmtp1:389 ...
Connected to avsmtp1:389 using credentials of locally logged on user.
server connections: quit
ldap policy: list
Supported Policies:
        MaxPoolThreads
        MaxDatagramRecv
        MaxReceiveBuffer
        InitRecvTimeout
        MaxConnections
        MaxConnIdleTime
        MaxPageSize
        MaxQueryDuration
        MaxTempTableSize
        MaxResultSetSize
        MaxNotificationPerConn
        MaxValRange
ldap policy: set MaxTempTableSize to 20000
ldap policy: commit changes

 Hope this helps somebody out. I've been searching for an answer to this for a long time...

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.