Solved

"Unavailable critical extension" error in Outlook when accessing an Windows 2003 LDAP directory

Posted on 2004-10-12
4
6,623 Views
Last Modified: 2012-08-14
When I trying to access our LDAP directory using MS Outlook 2002 or 2003 I recieve the following error:  "Unavailable critical extension" and then "the action could not be completed".  After these errors it allow me to search the LDAP directory.

The problem does not happen with Outlook Express, Netscape or any other client to my knowledge, only Outlook.  We are using ADAM (active directory in application mode) as our ldap server.  The problem is not machine specific as it appears to occur on any machine running Outlook.

On a side note:  Our ldap directory contains approx. 15,000 names.  I believe the problem begain occuring sometime after 10,069 names.  I'm not sure if it's some kind of limitation or if there is a configuration problem on the ldap server.  As I said before it only occurs using outlook.
 
Any thoughts on what is causing the problem and how to fix it?
0
Comment
Question by:sethmiller75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 11

Accepted Solution

by:
acseven earned 500 total points
ID: 12293610
Hi,

  though I don't know about the issue, here's some reading at the openldap site (keep going through the follow-ups):

http://www.openldap.org/lists/openldap-software/200408/msg00293.html

hope this helps
0
 

Author Comment

by:sethmiller75
ID: 12298266
Thanks for the link (already been there though).  That was about the closest thing I could find on Google but, I don't know that it specifically applies to ADAM Ldap.  They mention turning off "pagedresults" but,  Is there such a setting in ADAM?  If so could somebody tell me where to find it?  Working with ADSI edit is about 20 times worse than editing the registry.

Thanks
0
 

Author Comment

by:sethmiller75
ID: 12307594
Does anyone have an idea as to what may be causing this?
0
 

Author Comment

by:sethmiller75
ID: 12370238
I guess I'll answer My own question.  Do I get my points back?  Anyhoo...

The problem was caused by the fact that later versions of Outlook try to enumerate the entire directory on connection.  The default setting on the ADAM  LDAP server limits the search query to a maximum of 10,000 names.  If number of LDAP entries exceeds that, Outlook will generate an error.

There are two fixes-

One is to make a registry change on the client machine which will remove the error:
Open regedit and and browse to: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\
(if you've got office 2002 it will be (10.0) not (11.0)
Add new key, name it "LDAP"
Next add a Dword, name it "DisableVLVBrowsing" and set the value to "1" (don't actually add the quotes on either).
So what you have is [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\LDAP]"DisableVLVBrowsing"=dword:00000001
Now reboot (or it wont work).

The second solution (probably the better of the 2 depending on your directory size) is to change the maximum number of results ADAM will desplay AKA "MaxTempTableSize".  The default is 10,000.
On the LDAP server open "ADAM tools" and at the command prompt type "dsmgmt" (use /? to show the commands and quit to back up)
at  dsmgmt: type "ldap pol"
at ldap policy: type "connections"
at connections: type "connect to server servername:389" (where servername is the name of your ldap server)
it should say binding to server etc...
at connections: type "quit"
at ldap policy: type "list" (you should see MaxTempTableSize listed.  type "show value" to see the current value)
at ldap policy: type "Set MaxTempTableSixe to 20000" (or whatever value you want).
at ldap policy type "commit changes"
That's it type quit several times or do a "show value" to take a look at the new value.
(Here's what it looks like)

C:\WINDOWS\ADAM>dsmgmt
dsmgmt: ldap pol
ldap policy: connections
server connections: connect to server avsmtp1:389
Binding to avsmtp1:389 ...
Connected to avsmtp1:389 using credentials of locally logged on user.
server connections: quit
ldap policy: list
Supported Policies:
        MaxPoolThreads
        MaxDatagramRecv
        MaxReceiveBuffer
        InitRecvTimeout
        MaxConnections
        MaxConnIdleTime
        MaxPageSize
        MaxQueryDuration
        MaxTempTableSize
        MaxResultSetSize
        MaxNotificationPerConn
        MaxValRange
ldap policy: set MaxTempTableSize to 20000
ldap policy: commit changes

 Hope this helps somebody out. I've been searching for an answer to this for a long time...

0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using Word 2013, I was experiencing some incredible lag when typing.  Here's what worked for me....
Outlook Free & Paid Tools
This video shows the viewer how to set up and create Footnotes in their document. Click on the References tab: Select "Insert Footnote": Type in desired text:
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question