DSAccess is not using port 3268 for LDAP global catalog requests

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool queries the Exchange_DSAccessDC Microsoft Windows® Management Instrumentation (WMI) class in the ROOT\MicrosoftExchangeV2 name space to determine the value for the LDAPPort key. If the value for the LDAPPort key is not set to 3268, a non-default configuration message is displayed.

The LDAPPort key represents the TCP port number on which the domain controller listens for Lightweight Directory Access Protocol (LDAP) requests. Administrators can use LDAP over Secure Sockets Layer (SSL) on TCP port 636 (domain controller) or TCP port 3269 (global catalog) as a security measure.

By default, a global catalog server listens on port 3268 for LDAP communications. However, if an Enterprise certification authority is installed, all domain controllers automatically request a certificate and can support LDAP over SSL communications on TCP port 636. If the domain controller is also configured as a global catalog, it can also support LDAP over SSL communications on TCP port 3269.

For more information about DSAccess and LDAP ports, see the following Microsoft Knowledge Base articles: