BUG: Windows 2000 LDAP API cannot bind to LDAP servers

This article was previously published under Q258811
This article has been archived. It is offered "as is" and will no longer be updated.
The Microsoft LDAP API (wldap32.dll) cannot access LDAP servers that are multi-homed and have more than 51 IP addresses registered. This problem prevents the Active Directory Administration tools from accessing multi-homed Windows 2000 Domain Controllers with more than 51 IP addresses

If you use ldap_open, it returns NULL in this case.

If you use ldap_init, then other ldap calls return ldap error:
ADSI's LDAP provider returns 0x80072037 from GetObject or OpenDsObject.

If the multi-homed server is a Windows 2000 Domain Controller, then the domain management tools Active Directory Users and Computers, Active Directory Domains and Trusts, and Active Directory Sites and Services report this error as:
Naming information cannot be located because: The server is not operational
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
The English version of this fix should have the following file attributes or later:
   Date       Time    Version        Size     File name   ------------------------------------------------------   4/24/2000  4:01pm  5.0.2195.2063  122,640  Wldap32.dll				

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 2.To work around this problem, remove enough IP addresses from the LDAP server so that the total number of IP addresses assigned to the LDAP server does not exceed 51.
More information
Note This problem does not pose a security or integrity risk to Windows 2000 Domain Controllers. If you reduce the number of IP addresses to be less than 51, the domain controller will be restored to full functionality.

Microsoft recommends deploying one or more additional domain controllers in a multi-homed environment to provide fault tolerance and to minimize downtime in the event of a server failure. A single domain controller acting as a multi-homed server (IP router) is a potential single point of failure.

Steps to reproduce the behavior

  1. Right-click on My Network Places and select Properties. Right-click on Local Area Connection for any interface, select Properties, select Internet Protocol, select Properties, and then select Advanced. Add enough IP addresses to make the total number of IP addresses assigned to the server equal 51.
  2. Verify that Active Directory is working correctly by starting Active Directory Users and Computers.
  3. Repeat step 1 and add one more IP address. Start the Active Directory Users and Computers again. You should see the following error message:
    Naming information cannot be located because: The server is not operational
    If you click OK button, the snap-in opens with no Active Directory objects displayed.

Article ID: 258811 - Last Review: 10/26/2013 07:38:00 - Revision: 5.0

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition

  • kbnosurvey kbarchive kbhotfixserver kbqfe kbdswmanage2003swept kbbug kbfix KB258811
ERROR: at System.Diagnostics.Process.Kill() at Microsoft.Support.SEOInfrastructureService.PhantomJS.PhantomJSRunner.WaitForExit(Process process, Int32 waitTime, StringBuilder dataBuilder, Boolean isTotalProcessTimeout)