DSAccess LdapKeepAliveSecs registry parameter is non-default

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Directory Service Access (DSAccess) has been configured to use the Lightweight Directory Access Protocol (LDAP) Microsoft Windows® operating system implementation (wLDAP) protocol:

HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\MSExchangeDSAccess\ LdapKeepAliveSecs

If the Exchange Server Analyzer finds that LdapKeepAliveSecs is present and configured with a value of 0, a non-default configuration message is displayed.

After DSAccess discovers the Active Directory® directory service topology, it determines whether the discovered list of working domain controllers and global catalog servers is suited for use. During initial discovery and ongoing rediscovery, DSAccess determines server suitability by running a series of tests. By default, one of the suitability tests uses the Internet Control Message Protocol (ICMP) to ping domain controllers to verify that the servers are available.

Not all connections in your network may support ICMP. A specific example of this situation is in a perimeter network where ICMP connectivity between the Exchange server and domain controllers is not permitted. For these cases, setting the LdapKeepAliveSecs registry parameter to 0 will force DSAccess to use the Windows implementation of LDAP (wLDAP) for suitability tests.

If the Exchange server that generated the non-default configuration message is in a perimeter network where remote procedure call (RPC) is disabled or in a network where ICMP is not allowed, you should keep the LdapKeepAliveSecs key configured as it is. Otherwise, you should delete the key.

This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess

  3. Delete the value called LdapKeepAliveSecs.

  4. Close the registry editor. You do not have to restart any services to make the change take effect.

Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).

For more information about the LdapKeepAliveSecs registry key, see the Knowledge Base article 320529, "XADM: Using DSAccess in a Perimeter Network Firewall Scenario Requires a Registry Key Setting" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=320529).


Community Additions