The LDAP connection may stop responding and ADC event ID 8341 may be logged when your computer initiates an LDAP session to a computer that is running Exchange Server 5.5

When you use a Microsoft Windows implementation of the Lightweight Directory Access Protocol (wLDAP) client to connect to a Microsoft Exchange Server 5.5 computer, the session may stop responding. For example, the session may stop responding when you use the Ldp.exe tool to bind to the Exchange Server 5.5 computer.

If you are running Exchange in a mixed-mode environment, the Active Directory Connector (ADC) may not replicate information to the Exchange Server 5.5 directory. In this scenario, the following event may be logged in the application event log of the computer that is running the ADC:

Event Type: Error
Event Source: MSADC
Event ID: 8341
Description:
ADC cannot replicate to Exchange 5.5. because, on this server, LDAP Client Integrity is set to '2' (always sign.) Exchange 5.5 does not support LDAP signing. To allow this server to connect to 5.5., set the registry key registry_subkey to 0 (never sign) or 1 (sign if possible) value

This issue may occur if the following conditions are true:

�	The computer that initiates the LDAP connection to the Exchange Server 5.5 computer is running Microsoft Windows 2000 Service Pack 3 or a later version of Microsoft Windows.
�	The LdapClientIntegrity registry entry on the computer that initiates the LDAP connection is set to a value of 2. A value of 2 indicates that LDAP signing and sealing is "always on."

Exchange Server 5.5 does not support LDAP signing. Therefore, the LDAP connection fails when it tries to negotiate a signed session with the Exchange Server 5.5 computer.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, change the value of the LdapClientIntegrity registry entry on the computer that initiates the LDAP connection. You can configure the value of the LdapClientIntegrity registry entry so that LDAP either never signs or signs if requested. To do this, follow these steps:

1.	Click Start, click Run, type regedit in the Open box, and then click OK.
2.	Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap Note If the subkey does not exist, follow these steps: a. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services b. On the Edit menu, point to New, and then click Key. c. Type ldap as the subkey name, and then press ENTER. d. Right-click ldap, point to New, and then click DWORD Value. e. Type LdapClientIntegrity as the entry name, and then press ENTER.
3.	In the right pane, right-click LdapClientIntegrity, and then click Modify.
4.	In theValue data box, type one of the following values: � Type 0 if you do not want LDAP to use signing. � Type 1 if you want LDAP to automatically use signing against supported servers but to permit fallback to a non-signed session if you cannot establish signing.
5.	Quit Registry Editor.
6.	Restart the computer.

LDAP signing and sealing is supported in Windows 2000 Service Pack 3 and in later versions of Microsoft Windows. For more information about LDAP signing, click the following article number to view the article in the Microsoft Knowledge Base: