Error messages after you install the BitLocker Drive Encryption schema updates in a Windows Server 2003 domain

Article translations Article translations
Article ID: 932862 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

You add BitLocker Drive Encryption schema updates in an Active Directory directory service forest. After you do this, you receive error messages that resemble the following in the System log on a Microsoft Windows Server 2003-based domain controller:

Error message 1
Event Type: Information
Event Source: NTDS General
Event Category: DS Schema
Event ID: 1464
Date: MM/DD/YYYY
Time: 6:18:43 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ComputerName
Description:
While searching for an index, Active Directory detected that a new index is needed for the following attribute.

Attribute: msFVE-VolumeGuid
New index name: INDEX_LP_9A278FB0_2C0A
Error message 2
Event Type: Error
Event Source: NTDS General
Event Category: DS Schema
Event ID: 1136
Date: MM/DD/YYYY
Time: 6:20:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ComputerName
Description:
Active Directory failed to create an index for the following attribute.

Attribute identifier: 2586283952
Attribute name: msFVE-VolumeGuid
These error messages occur as frequently as every five minutes. These errors are typically related to the msFVE-VolumeGuid schema object or to the msFVE-RecoveryGuid schema object.

CAUSE

This problem occurs if the following conditions are true:
  • The Active Directory domain that includes the BitLocker Drive Encryption schema updates contains Windows Server 2003-based domain controllers.
  • One or more of the Windows Server 2003-based domain controllers are configured to use one of the following language locales.
    Collapse this tableExpand this table
    Language - Country/RegionLocale ID HexadecimalLocale ID Decimal
    Arabic - Libya10014097
    Chinese - Singapore10044100
    German - Luxembourg1007 4103
    English - Canada 10094105
    Arabic - Algeria1401 5121
    Chinese - Macao SAR 1404 5124
    German - Liechtenstein 1407 5127
    English - New Zealand 1409 5129
    Arabic - Morocco 1801 6145
    English - Ireland 1809 6153
    Arabic - Oman 2001 8193
    English - Jamaica 2009 8201
    Arabic - Yemen 2401 9217
    English - Caribbean 2409 9225
    Arabic - Syria 280110241
    English - Belize 2809 10249
    Arabic - Lebanon 3001 12289
    English - Zimbabwe 3009 12297
    Arabic - Kuwait 3401 13313
    English - Philippines 3409 13321
    Arabic - U.A.E. 380114337
    English - Indonesia 3809 14345
    Arabic - Qatar 400116385
    English - India 4009 16393
    English - Malaysia 440917417
    English - Singapore 4809 18441
    Spanish - Guatemala 100a 4106
    French - Switzerland 100c 4108
    Croatian (Bosnia/Herzegovina) 101a 4122
    Spanish - Costa Rica 140a 5130
    French - Luxembourg 140c 5132
    Bosnian (Bosnia/Herzegovina) 141A 5146
    Spanish - Panama 180a 6154
    French - Monaco 180c 6156
    Arabic - Tunisia 1c01 7169
    English - South Africa 1c09 7177
    Spanish - Dominican Republic 1c0a 7178
    French - West Indies 1c0c 7180
    Spanish - Venezuela 200a 8202
    French - Reunion 200c 8204
    Spanish - Colombia 240a 9226
    French - Democratic Rep. of Congo 240c 9228
    Spanish - Peru 280a 10250
    French - Senegal 280c 10252
    Arabic - Jordan 2c01 11265
    English - Trinidad 2c09 11273
    Spanish - Argentina 2c0a 11274
    French - Cameroon 2c0c 11276
    Spanish - Ecuador 300a 12298
    French - Cote d'Ivoire 300c 12300
    Spanish - Chile 340a 13322
    French - Mali 340c 13324
    Spanish - Uruguay 380a 14346
    French - Morocco 380c 14348
    Arabic - Bahrain 3c01 15361
    English - Hong Kong SAR 3c09 15369
    Spanish - Paraguay 3c0a 15370
    French - Haiti 3c0c 15372
    Spanish - Bolivia 400a 16394
    Spanish - El Salvador 440a 17418
    Spanish - Honduras 480a 18442
    Spanish - Nicaragua 4c0a 19466
    Spanish - Puerto Rico 500a 20490
    Spanish - United States 540a 21514
    Spanish - Latin America e40a 58378
    French - North Africa e40c 58380
    For more information about multiple language support, click the following article number to view the article in the Microsoft Knowledge Base:
    325622 Plan and configure multiple language support in Exchange 2000

    Note To determine the language of a remote computer, examine the following registry subkey for the remote computer:
    HKEY_LOCAL_MACHINE\Software\Microsoft\NTDS\Language

WORKAROUND

To work around this problem, you must determine which domain controller is the schema operations master, and then remove the containerized index for the msFVE-VolumeGuid schema object and for the msFVE-RecoveryGuid schema object. To do this, follow these steps:
  1. On a domain controller, click Start, click Run, type cmd, and then click OK.
  2. To determine which domain controller is the schema operations master, type the following command at the command prompt, and then press ENTER:
    netdom query fsmo
  3. Log on to the domain controller that is hosting the schema operations master role by using an account that is a member of the Schema Admins security group.

    Note By default, the built-in Administrator account in the root domain of the forest is a member of the Schema Admins group.
  4. Click Start, click Run, type adsiedit.msc, and then click OK.

    Note The ADSIEdit Microsoft Management Console (MMC) snap-in is included in the Windows Support Tools for Windows Server 2003. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, visit the following Microsoft Web site:
    http://go.microsoft.com/fwlink/?LinkID=70775
  5. Open the Schema container, and then open the folder that contains the schema objects.
  6. Double-click the msFVE-RecoveryGuid schema object.
  7. In the schema object dialog box, click searchFlags, and then click Edit.
  8. In the Integer Attribute Editor dialog box, change the value from 27 to 25, and then click OK two times.
  9. Repeat steps 6 through 8 for the msFVE-VolumeGuid schema objects.
Note A container index is specified in the SearchFlags attribute of an Active Directory AttributeSchema object. When you update the SearchFlags attribute to remove the container index, you do not affect BitLocker Drive Encryption functionality.

MORE INFORMATION

For more information about how Active Directory searches work, visit the following Microsoft Web site:
http://technet2.microsoft.com/WindowsServer/en/library/8196d68e-776a-4bbc-99a6-d8c19f36ded41033.mspx?mfr=true
For more information about how to index an attribute for a containerized search, visit the following Microsoft Web site:
http://technet2.microsoft.com/WindowsServer/en/library/ba98e0f3-2290-40ee-b964-c59a26588ce31033.mspx?mfr=true
To view the list of Locale ID (LCID) values that are assigned by Microsoft, visit the following Microsoft Web site:
http://www.microsoft.com/globaldev/reference/lcid-all.mspx
To obtain the BitLocker Drive Encryption schema, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=3a207915-dfc3-4579-90cd-86ac666f61d4&DisplayLang=en

Properties

Article ID: 932862 - Last Review: October 11, 2007 - Revision: 2.5
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
Keywords: 
kbtshoot kbexpertiseinter kbprb KB932862

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com