You receive a “The server was unable to decode a search request filter” error message when you run an LDAP query that uses the extensibleMatch search filter in Windows Server 2003 and Windows 2000 Server

Article translations Article translations
Article ID: 872957 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you perform an LDAP search that uses the extensibleMatch search filter to search the Active Directory objects of a Microsoft Windows Server 2003 or Windows 2000 Server-based computer, you may receive the following error message:
The server was unable to decode a search request filter.

CAUSE

This problem occurs when Active Directory processes an LDAP search request that does not explicitly specify the dnAttributes of the extensibleMatch filter. If you use the default value in the dnAttributes field, you do not have to explicitly specify the dnAttributes value in the search request. The default value for the dnAttributes field is set as FALSE. Active Directory omits the dnAttributes field when processing an LDAP search request if the dnAttributes field is not specified explicitly.

RESOLUTION

Windows Server 2003 hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart Requirement

You do not have to restart your computer after you apply this hotfix.

Hotfix Replacement Information

This hotfix does not replace any other hotfixes.

File Information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows Server 2003, 32-Bit editions
   Date         Time   Version             Size  File name
   ---------------------------------------------------------
   11-Aug-2004  00:34  5.2.3790.198   1,531,904  Ntdsa.dll        
   11-Aug-2004  00:34  5.2.3790.196      32,768  Ntdsatq.dll      
   05-Aug-2004  18:26  5.2.3790.197      59,392  Ws03res.dll
Windows Server 2003, 64-Bit editions
   Date         Time   Version             Size  File name     Platform
   --------------------------------------------------------------------
   10-Aug-2004  11:37  5.2.3790.198   4,055,552  Ntdsa.dll     IA-64
   10-Aug-2004  11:37  5.2.3790.196      82,432  Ntdsatq.dll   IA-64
   05-Aug-2004  05:57  5.2.3790.197      58,880  Ws03res.dll   IA-64
   05-Aug-2004  05:56  5.2.3790.197      59,392  Wws03res.dll  x86

Windows 2000 hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

This hotfix requires Windows 2000 Service Pack 4 (SP4).

Restart Requirement

You have to restart the DNS Server service after you apply this hotfix.

Hotfix Replacement Information

This hotfix does not replace any other hotfixes.

File Information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version             Size  File name
   ----------------------------------------------------------
   24-Mar-2004  02:17  5.0.2195.6876    388,368  Advapi32.dll     
   24-Mar-2004  02:17  5.0.2195.6866     69,904  Browser.dll      
   24-Mar-2004  02:17  5.0.2195.6824    134,928  Dnsapi.dll       
   24-Mar-2004  02:17  5.0.2195.6876     92,432  Dnsrslvr.dll     
   24-Mar-2004  02:17  5.0.2195.6883     47,888  Eventlog.dll     
   24-Mar-2004  02:17  5.0.2195.6890    143,632  Kdcsvc.dll       
   11-Mar-2004  02:37  5.0.2195.6903    210,192  Kerberos.dll     
   21-Sep-2003  00:32  5.0.2195.6824     71,888  Ksecdd.sys
   11-Mar-2004  02:37  5.0.2195.6902    520,976  Lsasrv.dll       
   25-Feb-2004  23:59  5.0.2195.6902     33,552  Lsass.exe        
   19-Jun-2003  20:05  5.0.2195.6680    117,520  Msv1_0.dll       
   24-Mar-2004  02:17  5.0.2195.6897    312,592  Netapi32.dll     
   19-Jun-2003  20:05  5.0.2195.6695    371,984  Netlogon.dll     
   11-Aug-2004  00:21  5.0.2195.6967    933,648  Ntdsa.dll        
   24-Mar-2004  02:17  5.0.2195.6897    388,368  Samsrv.dll       
   24-Mar-2004  02:17  5.0.2195.6893    111,376  Scecli.dll       
   24-Mar-2004  02:17  5.0.2195.6903    253,200  Scesrv.dll       
   04-Jun-2004  23:13  5.0.2195.6935  5,887,488  Sp3res.dll       
   24-Mar-2004  02:17  5.0.2195.6824     50,960  W32time.dll      
   21-Sep-2003  00:32  5.0.2195.6824     57,104  W32tm.exe

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The extensibleMatch search filter is a new search filter that is included in LDAP version 3. The extensibleMatch search filter uses four fields. Two of the fields are optional and one field is a BOOLEAN field that has a default value. The extensibleMatch search filter fields are defined as follows:
  • type - An optional field that is used to specify an attribute.
  • matchingRule - An optional field that is used to specify a matching rule.
  • matchValue - A field that is used to specify the value that is to be searched.
  • dnAttributes - A BOOLEAN field that returns the status of an LDAP search. If the LDAP search is successful, the dnAttributes field returns TRUE. If the LDAP search fails, the dnAttributes field returns FALSE. The default value for this field is set as FALSE.

For example, consider the following text string:
:dn:2.4.6.8.10:=Sample Entry
In this sample, :dn is the attribute name, 2.4.6.8.10 is the matching rule, and Sample Entry is the name of the value that is to be searched in Active Directory.

For additional information about LDAP search filters, see the following Computer Science and Engineering (CSE) Web site:
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2254.html
For additional information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
For additional information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 872957 - Last Review: July 24, 2007 - Revision: 1.10
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
Keywords: 
kbautohotfix kbqfe kbhotfixserver kbwinserv2003presp1fix KB872957

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com