Solved

"Unavailable critical extension" error in Outlook when accessing an Windows 2003 LDAP directory

Posted on 2004-10-12
4
6,550 Views
Last Modified: 2012-08-14
When I trying to access our LDAP directory using MS Outlook 2002 or 2003 I recieve the following error:  "Unavailable critical extension" and then "the action could not be completed".  After these errors it allow me to search the LDAP directory.

The problem does not happen with Outlook Express, Netscape or any other client to my knowledge, only Outlook.  We are using ADAM (active directory in application mode) as our ldap server.  The problem is not machine specific as it appears to occur on any machine running Outlook.

On a side note:  Our ldap directory contains approx. 15,000 names.  I believe the problem begain occuring sometime after 10,069 names.  I'm not sure if it's some kind of limitation or if there is a configuration problem on the ldap server.  As I said before it only occurs using outlook.
 
Any thoughts on what is causing the problem and how to fix it?
0
Comment
Question by:sethmiller75
  • 3
4 Comments
 
LVL 11

Accepted Solution

by:
acseven earned 500 total points
ID: 12293610
Hi,

  though I don't know about the issue, here's some reading at the openldap site (keep going through the follow-ups):

http://www.openldap.org/lists/openldap-software/200408/msg00293.html

hope this helps
0
 

Author Comment

by:sethmiller75
ID: 12298266
Thanks for the link (already been there though).  That was about the closest thing I could find on Google but, I don't know that it specifically applies to ADAM Ldap.  They mention turning off "pagedresults" but,  Is there such a setting in ADAM?  If so could somebody tell me where to find it?  Working with ADSI edit is about 20 times worse than editing the registry.

Thanks
0
 

Author Comment

by:sethmiller75
ID: 12307594
Does anyone have an idea as to what may be causing this?
0
 

Author Comment

by:sethmiller75
ID: 12370238
I guess I'll answer My own question.  Do I get my points back?  Anyhoo...

The problem was caused by the fact that later versions of Outlook try to enumerate the entire directory on connection.  The default setting on the ADAM  LDAP server limits the search query to a maximum of 10,000 names.  If number of LDAP entries exceeds that, Outlook will generate an error.

There are two fixes-

One is to make a registry change on the client machine which will remove the error:
Open regedit and and browse to: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\
(if you've got office 2002 it will be (10.0) not (11.0)
Add new key, name it "LDAP"
Next add a Dword, name it "DisableVLVBrowsing" and set the value to "1" (don't actually add the quotes on either).
So what you have is [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\LDAP]"DisableVLVBrowsing"=dword:00000001
Now reboot (or it wont work).

The second solution (probably the better of the 2 depending on your directory size) is to change the maximum number of results ADAM will desplay AKA "MaxTempTableSize".  The default is 10,000.
On the LDAP server open "ADAM tools" and at the command prompt type "dsmgmt" (use /? to show the commands and quit to back up)
at  dsmgmt: type "ldap pol"
at ldap policy: type "connections"
at connections: type "connect to server servername:389" (where servername is the name of your ldap server)
it should say binding to server etc...
at connections: type "quit"
at ldap policy: type "list" (you should see MaxTempTableSize listed.  type "show value" to see the current value)
at ldap policy: type "Set MaxTempTableSixe to 20000" (or whatever value you want).
at ldap policy type "commit changes"
That's it type quit several times or do a "show value" to take a look at the new value.
(Here's what it looks like)

C:\WINDOWS\ADAM>dsmgmt
dsmgmt: ldap pol
ldap policy: connections
server connections: connect to server avsmtp1:389
Binding to avsmtp1:389 ...
Connected to avsmtp1:389 using credentials of locally logged on user.
server connections: quit
ldap policy: list
Supported Policies:
        MaxPoolThreads
        MaxDatagramRecv
        MaxReceiveBuffer
        InitRecvTimeout
        MaxConnections
        MaxConnIdleTime
        MaxPageSize
        MaxQueryDuration
        MaxTempTableSize
        MaxResultSetSize
        MaxNotificationPerConn
        MaxValRange
ldap policy: set MaxTempTableSize to 20000
ldap policy: commit changes

 Hope this helps somebody out. I've been searching for an answer to this for a long time...

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

No matter the version of Windows you are using, you may have some problems with Windows Search running too slow or possibly not running at all. Before jumping into how you can solve this issue, just know there are many other viable alternative deskt…
Outlook Free & Paid Tools
The viewer will learn how to  create a slide that will launch other presentations in Microsoft PowerPoint. In the finished slide, each item launches a new PowerPoint presentation and when each is finished it automatically comes back to this slide: …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now