DSAccess LdapKeepAliveSecs registry parameter is set to non-supported value
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Directory Service Access (DSAccess) has been configured to use the Lightweight Directory Access Protocol (LDAP) Microsoft Windows® operating system implementation (wLDAP) protocol:
HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\MSExchangeDSAccess\ LdapKeepAliveSecs
If the Exchange Server Analyzer finds that LdapKeepAliveSecs is present and configured with a value other than 0, a warning is displayed.
After DSAccess discovers the Active Directory® directory service topology, it determines whether the discovered list of working domain controllers and global catalog servers is suited for use. During initial discovery and ongoing rediscovery, DSAccess determines server suitability by running a series of tests. By default, one of the suitability tests uses the Internet Control Message Protocol (ICMP) to ping domain controllers to verify that the servers are available.
Not all connections in your network may support ICMP. A specific example of this situation is in a perimeter network where ICMP connectivity between the Exchange server and domain controllers is not permitted. For these cases, setting the LdapKeepAliveSecs registry parameter to 0 will force DSAccess to use wLDAP for suitability tests.
If the Exchange server that generated this warning is in a perimeter network where remote procedure call (RPC) is disabled or in a network where ICMP is not allowed, set the LdapKeepAliveSecs key to 0. Otherwise, you should delete the key. Any value that is not zero is not a supported value for this registry key.
Important
This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.
To modify the LdapKeepAliveSecs key
Open a registry editor, such as Regedit.exe or Regedt32.exe.
Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess
Double-click the LdapKeepAliveSecs key, and set the DWORD value to 0 (zero).
Close the registry editor. You do not have to restart any services to make the change take effect.
To delete the LdapKeepAliveSecs key
Open a registry editor, such as Regedit.exe or Regedt32.exe.
Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess
Delete the value called LdapKeepAliveSecs.
Close the registry editor. You do not have to restart any services to make the change take effect.
Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).
For more information about the LdapKeepAliveSecs registry key, see the Knowledge Base article 320529, "XADM: Using DSAccess in a Perimeter Network Firewall Scenario Requires a Registry Key Setting" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=320529).