LDAP error message is logged after you install Exchange in multiple domains

View products that this article applies to.

This article was previously published under Q313167

Symptoms

If Microsoft Exchange is installed in multiple domains that contain global catalog servers, and those global catalog servers are used to resolve Exchange queries, the following error messages may be logged in the Exchange server Application event log and Directory Service log.

The following error message may be logged in the Application event log:

Event: 8270
Source: MSExchangeAL
Type: Error
Description:
LDAP returned error [34] Unavailable when importing transaction
dn:(GUID=877389AE-4DC5-4D81-9237-1170498CC2AA)
changetype: Modify
member:add:(GUID=4F35077F-E872-4E55-943B-07A53E05CFD6)
-
DC=domain,DC=com

The following error message may be logged in the Directory Service log:

Event: 1126
Source: NTDS General
Type: Error
Description:
Unable to establish connection with catalog

Note On domain controllers, you may also see event error messages that are similar to the following:

Event ID: 1126 
Source: NTDS General 
Type: Error 
Description: Unable to establish connection with global catalog.

Event ID: 1188 
Source: NTDS General 
Type: Error 
Description: A thread in the directory is waiting in a remote procedure call (RPC) to directory <directory> performing a(n) <operation name> operation. The directory has attempted to cancel the call and recover thread id <thread id>. If this condition persists, stop and restart that Windows Domain Controller.

↑ Back to the top

Cause

By design, the Recipient Update Service tries to contact a global catalog server in each of the other domains after you install Exchange Server. The Recipient Update Service must add the Exchange Domain Servers group in the remote domains to the Exchange Enterprise Servers group in the local domain. If the Recipient Update Service is running on Exchange Server 2003, the Recipient Update Service also adds the Exchange Domain Servers group in the remote domains to the Pre-Windows 2000 Compatible Access Builtin group in the local domain.

↑ Back to the top

Workaround

If event 8270 references a GUID in the Description field, the group membership of the Exchange Enterprise Servers group has not been modified.

To work around this behavior, use the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in to manually modify the group membership of the Exchange Enterprise Servers group:

Start the Active Directory Users and Computers MMC snap-in.
In the Users container, locate and then open the properties of the Exchange Enterprise Servers group.
Click the Members tab, and then click Add.
In the Look in list, click the remote domain.
In the remote domain, locate the Exchange Domain Servers group, click Add, and then click OK.
If the membership of the Exchange Enterprise Servers group displays the Exchange Domain Servers group from the remote domain, click OK to close the dialog box.

If event 8270 references <SID=0102000000000005200000002A020000> in the Description field, the group membership of the Pre-Windows 2000 Compatible Access Builtin group has not been modified.

To work around this behavior, use the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in to manually modify the group membership of the Pre-Windows 2000 Compatible Access Builtin group:

Start the Active Directory Users and Computers MMC snap-in.
In the Builtin container, locate and then open the properties of the Pre-Windows 2000 Compatible Access group.
Click the Members tab, and then click Add.
In the Look in list, click the remote domain.
In the remote domain, locate the Exchange Domain Servers group, click Add, and then click OK.
If the membership of the Pre-Windows 2000 Compatible Access Builtin group displays the Exchange Domain Servers group from the remote domain, click OK to close the dialog box.