Article ID: 959215
RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED TO SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
Windows Server 2008 R2
After you start the AD LDS service for a particular instance, you may receive the following warning message in the event logs. If your AD LDS instance uses UDP for communication, this issue will block LDAP traffic over UDP on the port that is listed in the event message. However, unlike in Windows Server 2008, this issue will not prevent the service from starting, and LDAP traffic over TCP will still flow through this port.
Event ID: 2920
Windows Server 2008
After you successfully install AD LDS, you may be unable to start the service, and an error message may be displayed. You may also receive the following error message in the event logs:
Event ID: 1238
After security update 951746 is installed on Windows Server 2008 R2-based and Windows Server 2008-based computers, this issue occurs because the DNS server’s method of port allocation changes, and this change could prevent AD LDS from obtaining the port that it requires to function correctly.
By default, after security update 951746 is installed, the DNS server randomly allocates 2,500 UDP ports in the ephemeral port range. A conflict may occur if one of these randomly allocated ports is a port that an AD LDS instance has to use.
Because these ports are randomly allocated, these failures can be intermittent and are likely to occur in the following scenarios:
To work around this issue for Windows Server 2008 R2 and for Windows Server 2008, follow these steps:
Microsoft has confirmed that this is a problem in the Active Directory Lightweight Directory Services.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
956188 (http://support.microsoft.com/kb/956188/) You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037)
If the Active Directory domain controller role is not installed on a computer, ADAM setup will auto-fill the LDAP and SSL port fields by using the values 389 and 636, respectively. If the Active Directory domain controller role is installed, ADAM auto-fills the LDAP and SSL port fields by using 50000 for LDAP and 50001 for SSL. Because the MS08-037 version of DNS server grabs 2,500 ports in the high-port range and typically starts before the AD LDS service starts, in Windows Server 2008 the AD LDS installation will not prevent you from using these ports, and the AD LDS service then fails to start.
In Windows Server 2008 R2, the AD LDS installation will recognize ports that are unavailable (this includes the ports that DNS allocates), and it will auto-fill appropriate ports that are not currently being used. The AD LDS installation will not let you choose a port that is taken by another service for an AD LDS instance.
Multiple instances of AD LDS (ADAM) can be installed on one computer. Therefore, if you have more than 2 AD LDS instances on your computer, you will be covering more ports than the defaults (389, 636 and 50000, 50001).
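A diagnostic check for the conflict described above, as an added example that is not part of the original article: it lists UDP ports held by the DNS Server process that match the ports configured for AD LDS instances. The function name, the sample PIDs and the sample netstat lines are constructed for illustration; 50000 and 50001 are the default ports the article names.

```powershell
# Added example: find UDP ports held by the DNS Server service (dns.exe)
# that collide with ports an AD LDS instance is configured to use.
# Find-DnsUdpPortConflict is a hypothetical helper name.

function Find-DnsUdpPortConflict {
    param(
        [string[]] $NetstatLines,   # output of: netstat -ano
        [int]      $DnsPid,         # process ID of dns.exe
        [int[]]    $AdLdsPorts      # ports configured for the AD LDS instances
    )

    # Matches "  UDP    0.0.0.0:50000    *:*    1412" and the IPv6 form
    # "  UDP    [::]:50000    *:*    1412". TCP lines and the header are skipped.
    $pattern = '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$'

    foreach ($line in $NetstatLines) {
        if ($line -match $pattern) {
            $port     = [int] $Matches[1]
            $ownerPid = [int] $Matches[2]
            # Report only endpoints owned by dns.exe on a port AD LDS needs
            if ($ownerPid -eq $DnsPid -and $AdLdsPorts -contains $port) {
                New-Object PSObject -Property @{
                    Port     = $port
                    OwnerPid = $ownerPid
                    Endpoint = ($line.Trim() -split '\s+')[1]
                }
            }
        }
    }
}

# Constructed sample input so the example runs offline
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING       2288',
    '  UDP    0.0.0.0:123            *:*                                    1020',
    '  UDP    0.0.0.0:49731          *:*                                    1412',
    '  UDP    0.0.0.0:50000          *:*                                    1412',
    '  UDP    [::]:50000             *:*                                    1412',
    '  UDP    0.0.0.0:50001          *:*                                    2288'
)

# Reports port 50000 twice (IPv4 and IPv6 endpoints), both owned by PID 1412
Find-DnsUdpPortConflict -NetstatLines $sample -DnsPid 1412 -AdLdsPorts 50000, 50001 |
    Select-Object Port, OwnerPid, Endpoint
```

On a live server, pass `(netstat -ano)` as `-NetstatLines` and `(Get-Process -Name dns).Id` as `-DnsPid`, and list the ports of every installed AD LDS instance in `-AdLdsPorts`.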