Error Messages When Windows 2000 Client in Windows 2000 Domain Attempts to Open Active Directory Snap-in

Article translations Article translations
Article ID: 261203 - View products that this article applies to.
This article was previously published under Q261203
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

Symptoms

A Windows 2000 client in a Windows 2000 domain may not be able to open any Active Directory snap-ins. When the client attempts to open a snap-in, the following error messages may be displayed:
Active Directory Domains and Trusts: "The configuration information describing this enterprise is not available. Unspecified error."

Active Directory Sites and Services: "Naming information cannot be located because: Unspecified error. Contact your system administrator to verify that your domain is properly configured and is currently online."

Active Directory Users and Computers: "Naming information cannot be located because: Unspecified error. Contact your system administrator to verify that your domain is properly configured and is currently online."

Certification Authority: "The specified service does not exist as an installed service. 0x424 (1060)"
This problem can occur if the domain controller is running Routing and Remote Access (RRAS) with Network Address Translation (NAT) configured, or if the client is running Internet Connection Sharing (ICS).

Cause

This behavior occurs because of the H.323/Lightweight Directory Access Protocol (LDAP) proxy service that is included with NAT and ICS. The proxy misinterprets the query and causes the TCP reset.

The H.323/LDAP proxy service allows NAT/ICS clients to participate in H.323 and Microsoft NetMeeting conference calls and register themselves with an Internet Locator Service (ILS) server using LDAP from behind the NAT/ICS router.

The root cause of these error messages is that the LDAP proxy that is incorporated into NAT has a hard-coded limit of 64 KB on the LDAP protocol data unit (PDU) size. When domain-related LDAP traffic (which is often 300 KB or more in size) exceeds this limit, the H.323/LDAP proxy resets the connection.

Resolution

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Workaround

To work around this issue if you are using RRAS and NAT, use either of the following methods:
  • After the server is started, stop and restart the RRAS service. This resolves the issue until the next time you restart the computer.
  • A more permanent solution is to turn off the LDAP proxy (this action also turns off the H.323 proxy support). To turn off the LDAP proxy, type the following command at a command prompt:
    netsh routing ip nat delete h323
    For ICS users, you must implement RRAS in place of ICS because it is not possible to disable the LDAP proxy in ICS. If you need to turn the H.323 proxy back on, type the following command at a command prompt:
    netsh routing ip nat add h323
    NOTE: This action enables the LDAP proxy again, which results in the error message.

Status

Microsoft has confirmed that this is a problem in Microsoft Windows 2000.

This problem was first corrected in Windows 2000 Service Pack 1.

Properties

Article ID: 261203 - Last Review: October 26, 2013 - Revision: 4.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbnosurvey kbarchive kbbug kbenv kberrmsg kbfix kbwin2000sp1fix KB261203

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com