Error messages after you install the BitLocker Drive Encryption schema updates in a Windows Server 2003 domain

Symptoms

You add BitLocker Drive Encryption schema updates in an Active Directory directory service forest. After you do this, you receive error messages that resemble the following in the System log on a Microsoft Windows Server 2003-based domain controller:

Error message 1
Event Type: Information


Event Source: NTDS General


Event Category: DS Schema


Event ID: 1464


Date: MM/DD/YYYY


Time: 6:18:43 PM


User: NT AUTHORITY\ANONYMOUS LOGON


Computer: ComputerName
Description:


While searching for an index, Active Directory detected that a new index is needed for the following attribute.





Attribute: msFVE-VolumeGuid


New index name: INDEX_LP_9A278FB0_2C0A

Error message 2
Event Type: Error


Event Source: NTDS General


Event Category: DS Schema


Event ID: 1136


Date: MM/DD/YYYY


Time: 6:20:39 PM


User: NT AUTHORITY\ANONYMOUS LOGON


Computer: ComputerName
Description:


Active Directory failed to create an index for the following attribute.





Attribute identifier: 2586283952


Attribute name: msFVE-VolumeGuid

These error messages occur as frequently as every five minutes. These errors are typically related to the msFVE-VolumeGuid schema object or to the msFVE-RecoveryGuid schema object.

Cause

This problem occurs if the following conditions are true:
  • The Active Directory domain that includes the BitLocker Drive Encryption schema updates contains Windows Server 2003-based domain controllers.
  • One or more of the Windows Server 2003-based domain controllers are configured to use one of the following language locales.
    Language - Country/RegionLocale ID HexadecimalLocale ID Decimal
    Arabic - Libya10014097
    Chinese - Singapore10044100
    German - Luxembourg10074103
    English - Canada10094105
    Arabic - Algeria14015121
    Chinese - Macao SAR14045124
    German - Liechtenstein14075127
    English - New Zealand14095129
    Arabic - Morocco18016145
    English - Ireland18096153
    Arabic - Oman20018193
    English - Jamaica20098201
    Arabic - Yemen24019217
    English - Caribbean24099225
    Arabic - Syria280110241
    English - Belize280910249
    Arabic - Lebanon300112289
    English - Zimbabwe300912297
    Arabic - Kuwait340113313
    English - Philippines340913321
    Arabic - U.A.E.380114337
    English - Indonesia380914345
    Arabic - Qatar400116385
    English - India400916393
    English - Malaysia440917417
    English - Singapore480918441
    Spanish - Guatemala100a4106
    French - Switzerland100c4108
    Croatian (Bosnia/Herzegovina)101a4122
    Spanish - Costa Rica140a5130
    French - Luxembourg140c5132
    Bosnian (Bosnia/Herzegovina)141A5146
    Spanish - Panama180a6154
    French - Monaco180c6156
    Arabic - Tunisia1c017169
    English - South Africa1c097177
    Spanish - Dominican Republic1c0a7178
    French - West Indies1c0c7180
    Spanish - Venezuela200a8202
    French - Reunion200c8204
    Spanish - Colombia240a9226
    French - Democratic Rep. of Congo240c9228
    Spanish - Peru280a10250
    French - Senegal280c10252
    Arabic - Jordan2c0111265
    English - Trinidad2c0911273
    Spanish - Argentina2c0a11274
    French - Cameroon2c0c11276
    Spanish - Ecuador300a12298
    French - Cote d'Ivoire300c12300
    Spanish - Chile340a13322
    French - Mali340c13324
    Spanish - Uruguay380a14346
    French - Morocco380c14348
    Arabic - Bahrain3c0115361
    English - Hong Kong SAR3c0915369
    Spanish - Paraguay3c0a15370
    French - Haiti3c0c15372
    Spanish - Bolivia400a16394
    Spanish - El Salvador440a17418
    Spanish - Honduras480a18442
    Spanish - Nicaragua4c0a19466
    Spanish - Puerto Rico500a20490
    Spanish - United States540a21514
    Spanish - Latin Americae40a58378
    French - North Africae40c58380
    For more information about multiple language support, click the following article number to view the article in the Microsoft Knowledge Base:

    325622 Plan and configure multiple language support in Exchange 2000


    Note To determine the language of a remote computer, examine the following registry subkey for the remote computer:
    HKEY_LOCAL_MACHINE\Software\Microsoft\NTDS\Language

Workaround

To work around this problem, you must determine which domain controller is the schema operations master, and then remove the containerized index for the msFVE-VolumeGuid schema object and for the msFVE-RecoveryGuid schema object. To do this, follow these steps:
  1. On a domain controller, click Start, click Run, type cmd, and then click OK.
  2. To determine which domain controller is the schema operations master, type the following command at the command prompt, and then press ENTER:
    netdom query fsmo
  3. Log on to the domain controller that is hosting the schema operations master role by using an account that is a member of the Schema Admins security group.

    Note By default, the built-in Administrator account in the root domain of the forest is a member of the Schema Admins group.

  4. Click Start, click Run, type adsiedit.msc, and then click OK.

    Note The ADSIEdit Microsoft Management Console (MMC) snap-in is included in the Windows Support Tools for Windows Server 2003. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, visit the following Microsoft Web site:
  5. Open the Schema container, and then open the folder that contains the schema objects.
  6. Double-click the msFVE-RecoveryGuid schema object.
  7. In the schema object dialog box, click searchFlags, and then click Edit.
  8. In the Integer Attribute Editor dialog box, change the value from 27 to 25, and then click OK two times.
  9. Repeat steps 6 through 8 for the msFVE-VolumeGuid schema objects.
Note A container index is specified in the SearchFlags attribute of an Active Directory AttributeSchema object. When you update the SearchFlags attribute to remove the container index, you do not affect BitLocker Drive Encryption functionality.

More Information

For more information about how Active Directory searches work, visit the following Microsoft Web site: For more information about how to index an attribute for a containerized search, visit the following Microsoft Web site: To view the list of Locale ID (LCID) values that are assigned by Microsoft, visit the following Microsoft Web site: To obtain the BitLocker Drive Encryption schema, visit the following Microsoft Web site:
Propriedades

ID do Artigo: 932862 - Última Revisão: 22/10/2008 - Revisão: 1

Comentários