Could not establish a signed or encrypted Kerberos LDAP connection to the server
Topic Last Modified: 2007-11-16
The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.
To learn more about this alert, if you are using Microsoft Operations Manager 2005, do one or more of the following:
From the Operator Console, select this alert, and then click the Properties tab. Review the description of the alert that includes the variables specific to your environment.
From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description. Review the events that have been logged that meet the criteria of this Operations Manager alert.
To learn more about this alert, if you are using System Center Operations Manager 2007, do one or more of the following:
From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.
From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the events that have been logged that meet the criteria of this Operations Manager alert.
Details
Product Name |
Exchange |
Product Version |
8.0 (Exchange Server 2007) |
Event ID |
8339;8360 |
Event Source |
MSExchangeAL |
Alert Type |
Critical Error |
MOM Rule Path |
Microsoft Exchange Server/Exchange 2007/Mailbox/System Attendant |
MOM Rule Name |
Could not establish a signed or encrypted Kerberos LDAP connection to the server. The domain controller is not running Windows 2000 SP3 or later. |
Explanation
This alert indicates that the Exchange server coulde not establish a signed or encrypted Kerberos Lightweight Directory Access Protocol (LDAP) connection to the domain controller specified in the event description.
Event 8339 indicates that the Exchange server could not establish a signed Kerberos LDAP connection to the domain controller because the domain controller was not running the required version of Windows Server.
Event 8360 indicates that the Exchange server could not establish an encrypted Kerberos LDAP connection to the domain controller specified in the event description because the domain controller was not running the required version of Microsoft Exchange Server.
Microsoft Exchange Server 2007 requires at least one Windows Server 2003 Service Pack 1 global catalog server in every Windows site to support Active Directory change notification.
User Action
To resolve this alert, do one or more of the following:
Review the System and Application event logs for related events. For example, events that occur immediately before and after this event may provide more information about the root cause of this error.
Upgrade the server specified in the error to the required version of Windows Server.
If you cannot resolve this error, or experience other problems or mail flow interruptions in your Exchange environment, contact Microsoft Product Support Services. For information about contacting support, visit the Microsoft Help and Support Web site.
For More Information
To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.
To review Exchange 2007 event message articles that may not be represented by Exchange 2007 alerts, see the Events and Errors Message Center.
If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.