
Exchange Server Forums


DCDiag throws error: LDAP Bind failed with error 58

DCDiag throws error: LDAP Bind failed with error 58 - 2.Mar.2005 8:21:00 PM   
damber

 

Posts: 5
Joined: 2.Mar.2005
From: United Kingdom
Status: offline
After a day working as expected (with the exception of the MAPI client connections as per my other post) Exchange services (System Attendant and its dependants) stopped working.

After looking at the event logs, it appears to be an issue with connecting to the domain controller. (why this just started happening is bemusing to say the least)

I ran dcdiag to check if this could shed some light - and it threw up the error:
--------
[xxxxxx] LDAP bind failed with error 58,
The specified server cannot perform the requested operation..
***Error: The machine, xxxxx could not be contacted, because of a bad net response. Check to make sure that this machine is a Domain Controller.
--------
I can assure you it is a domain controller, running Active Directory and DNS, all seem to be running fine.

I've checked the servers can see each other and communicate (I can certainly login to the domain from the Exchange Server, which is serviced by Active Directory on the DC in question, and run dns lookups)

Can anyone provide any answers or ideas?

Many thanks in advance
Damian
Post #: 1
RE: DCDiag throws error: LDAP Bind failed with error 58 - 2.Mar.2005 8:37:00 PM   
BeTaCam

 

Posts: 423
Joined: 24.Feb.2003
From: India
Status: offline
Hi, check previous post for reply.

Did you manually remove an Exchange installation using ADSIEdit?

Looks like your DSAccess is problematic.

Ensure that the Global Catalog has _msdcs,_ldap,_tcp records on the AD Integrated DNS.

--------------------
1. netdom query fsmo
<output>
2. Dcdiag
<output>
3. Netdiag- Under section dclist ?
What do you see ?
Can you provide more information please ?

/Bc
If you also observe the KDC errors

[ March 02, 2005, 08:39 PM: Message edited by: Betacam ]

(in reply to damber)
Post #: 2
RE: DCDiag throws error: LDAP Bind failed with error 58 - 2.Mar.2005 11:58:00 PM   
damber

 

Posts: 5
Joined: 2.Mar.2005
From: United Kingdom
Status: offline
Hi betacam, thanks for your responses.

You're right, I used ADSIedit to remove the previous installation from ActiveDirectory.

I've checked the DSAccess in the registry and applied what I believe to be the right settings to statically define the DC and GC (as per this Microsoft support article). Both GC1 and DC1 for the default profile are set as my PDC / AD (the only one in the domain).

As per your specific questions:

1. netdom query fsmo
Returns:
"The Specified server cannot perform the requested operation. The command failed to complete successfully"

I also ran 'netdom query dc' and it returned the name of my DC (surprisingly) - so it should know it is there ??

2. DCDiag returns:
code:
> dcdiag /s:MyDC

DC Diagnosis

Performing initial setup:
[MyDC] LDAP bind failed with error 58,
The specified server cannot perform the requested operation..
***Error: The machine, MyDC could not be contacted, because of a bad net
response. Check to make sure that this machine is a Domain Controller.

3. Netdiag responds with:
code:
Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MyEXCHSVR
IP Address . . . . . . . . : xx.xx.xx.xx
Subnet Mask. . . . . . . . : xx.xx.xx.xx
Default Gateway. . . . . . : xx.xx.xx.xx
Dns Servers. . . . . . . . : xx.xx.xx.xx

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{XXXXXXXX-XXXXX-XXX1-XXX1-D4D8XXXXXXXX}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed

Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{XXXXXXXX-1B80-XXXXX-8BE1-D4D8XXXXXXXX}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{XXXXXXXXX-1B80-XXXXX-8BE1-D4D8XXXXXXXX}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\\XXXXXXXX*\MAILSLOT\NET\NETLOGON'
via redir. [ERROR_BAD_NETPATH]

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
Secure channel for domain 'XXXXXXXX' is to '\\MyDC.xxxxxx.xxx'.

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do un-authenticated ldap_search to 'MyDC.xxxxxx.xxx': Unava
ilable.
[WARNING] Failed to query SPN registration on DC 'MyDC.xxxxx.xxx'.

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully

I believe Kerberos to be running ok on the DC, though it isn't running at all on the Exchange server (I wouldn't expect it to be)

The Primary DNS = the only DNS/AD/PDC on the network, which is the one it finds when querying 'netdom query dc'

The DNS Server has the usual _msdcs _tcp _ldap _kerberos _udp etc etc entries for the relevant sites - I've not gone through these with a fine toothcomb since I installed it, but they were all present previously, and all point to the appropriate DC.

DNS lookups work from any machine on the network. I've made sure that all firewalls have been turned off internally so that they do not add any potential issues.

Now the DSAccess is set to pick up manually - I would have expected it to work... maybe I was just hoping this was the answer !

Could this be a NetBIOS issue ? I've checked to see if it is running on both servers and it is, (print/file sharing and the helper service).. In the middle I run ISA Server, which acts as a central router / gateway / firewall for the network - this is at the moment (I believe) letting everything through.

I would really appreciate your help - or anyone else's for that matter - it amazes me how a fresh install doesn't work, having had Exchange 2000 and even 2003 running from the same place for ages.

Thanks in advance.

Kind Regards
Damian

(in reply to damber)
Post #: 3
RE: DCDiag throws error: LDAP Bind failed with error 58 - 3.Mar.2005 1:40:00 PM   
damber

 

Posts: 5
Joined: 2.Mar.2005
From: United Kingdom
Status: offline
A bit of an update:

1. I have tested dcdiag on the DC and it works fine, as does netdiag - no errors reported.
2. I have also tested from other servers - these are also ok.
3. It is only this server that cannot communicate correctly with the DC.
4. After checking the LDAP connectivity using ldp.exe I found that all servers could connect|bind with the DC/LDAP Server, apart from this one... therefore it is an issue with this server/subnet.
5. It does, however, work if I select the "connectionless" option (i.e. UDP as opposed to TCP)

Here is some info on the LDAP issue - not specifically an Exchange question, but if one of the experts here knows anything, please let me know!

I have a network with various subnets and on subnet 1 I have an Active Directory server providing LDAP. On subnets 2 and 3 I can connect to this ok using the ldp.exe command in Windows. However, when trying to connect to this from subnet 4 using ldp.exe and the default TCP connection it fails to return anything (error 94), however if I select the option to make it connectionless (UDP) then it works fine...??

The connection travels through an ISA server / Router to get to the LDAP Server, however this is set to allow all communications for these subnets, and allows other subnets to work fine (as they route through this too), including the ISA Server itself - all can connect/bind to the LDAP server.

I have now tested the server in question in each of the subnets - and it also works in these areas, so it appeared to just be this subnet that was at fault, so I have changed the IP range for this and it still has the same problem - I have also changed the hardware switch for this area, as I thought by some remote chance it could be this, though this also didn't make a difference. Having moved other servers into the subnet in question - these also cannot run dcdiag correctly due to the LDAP issue.

Can anyone shed some light on what this might be ?

Thanks
Damian

[ March 03, 2005, 06:44 PM: Message edited by: damber ]

(in reply to damber)
Post #: 4
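
Added example, not part of the thread: the TCP versus connectionless (UDP) comparison that post #4 performs with ldp.exe, written as a script that can be run from a host in each subnet to see which transport reaches the DC. It sends an anonymous rootDSE search on port 389 over both transports; the function names are illustrative, and it assumes the DC answers rootDSE searches over UDP, which is what ldp's connectionless option relies on.

```python
import socket
import sys

def build_rootdse_search(msg_id=1):
    """BER-encode an anonymous base-scope search of the rootDSE."""
    body = (b"\x04\x00"             # baseObject "" = rootDSE
            b"\x0a\x01\x00"         # scope: baseObject
            b"\x0a\x01\x00"         # derefAliases: never
            b"\x02\x01\x00"         # sizeLimit: none
            b"\x02\x01\x00"         # timeLimit: none
            b"\x01\x01\x00"         # typesOnly: FALSE
            b"\x87\x0bobjectClass"  # filter: (objectClass=*)
            b"\x30\x00")            # attribute list: empty
    op = b"\x63" + bytes([len(body)]) + body   # SearchRequest
    msg = b"\x02\x01" + bytes([msg_id]) + op   # messageID + op
    return b"\x30" + bytes([len(msg)]) + msg   # LDAPMessage

def _value_offset(data, pos):
    """Offset of the value of the TLV at pos (short or long length form)."""
    first = data[pos + 1]
    return pos + 2 + ((first & 0x7F) if first & 0x80 else 0)

def response_op(data):
    """'entry', 'done' or None for the first LDAPMessage in a reply."""
    try:
        if data[0] != 0x30:
            return None
        pos = _value_offset(data, 0)                    # inside LDAPMessage
        if data[pos] != 0x02:
            return None
        pos = _value_offset(data, pos) + data[pos + 1]  # skip messageID
        return {0x64: "entry", 0x65: "done"}.get(data[pos])
    except IndexError:
        return None

def probe(host, udp=False, port=389, timeout=3.0):
    """Send the search over TCP or UDP; return the reply type or the error."""
    kind = socket.SOCK_DGRAM if udp else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((host, port))
            s.sendall(build_rootdse_search())
            return response_op(s.recv(4096)) or "no LDAP reply"
    except OSError as exc:
        return f"failed: {exc}"

if __name__ == "__main__":
    dc = sys.argv[1]  # DC name or IP, supplied by the operator
    print("TCP 389:", probe(dc))
    print("UDP 389:", probe(dc, udp=True))
```

A result of "entry" or "done" on UDP together with a timeout or reset on TCP reproduces the symptom described in post #4 and points at something on the path treating TCP 389 differently for that subnet.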
