LDAP Error Messages
This section provides help in resolving Lightweight Directory Access Protocol (LDAP) error messages.
Cannot Open LDAP Connection to Local Host or Run Admin Tools Error
The "Cannot open LDAP connection to local host or run admin tools" error message occurs because the administration tool could not contact Active Directory. This error may also be caused by DNS problems.
- Verify DNS for local, problem, or replica domain controllers.
LDAP Error 49
LDAP error 49 occurs when the domain controller computer account is not synchronized with the Key Distribution Center (KDC). Perform the following steps to resolve this error.
- Verify DNS for local, problem, or replica domain controllers.
- Stop or disable the KDC.
- Purge Kerberos tickets by using Kerbtray or Klist.
- Reset the computer password on the primary domain controller (PDC) emulator by using the following command:
Netdom resetpwd /server:PDCE /userd:ms\admin /passwordd:*
- Synchronize the Domain NC (from the PDC emulator), the Schema NC, and the Configuration NC.
- Restart the KDC.
- Create replication links for the NC (if required) and replicate inbound by using the following command:
Repadmin /add CN=Configuration,DC=ms,DC=com rootdns.ms.com rootdc01.ms.com /u:ms\administrator /pw:*
- Restart the KDC.
- Check that the userAccountControl flag is 532480.
- Determine the consistency of unicodePwd.
Time Difference/LDAP Error 82
The time difference/LDAP error 82 occurs when the clock difference exceeds the KDC's five-minute skew tolerance.
- Synchronize time by using the following command:
Net Time \\Server /SET
- Replicate inbound.
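The two checks from the procedures above (the userAccountControl value of the domain controller's computer account, and clock skew against the PDC emulator for the five-minute KDC tolerance) as a PowerShell diagnostic. This is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module is installed, that it runs on a domain-joined host, and the parameter name $ProblemDc is an assumption.

```powershell
# Added diagnostic (not from the original page). Assumes the RSAT
# ActiveDirectory module and a domain-joined host; $ProblemDc is an assumption.
param(
    [string]$ProblemDc = $env:COMPUTERNAME   # default: check the local DC
)
Import-Module ActiveDirectory

# userAccountControl bits that make up the expected value 532480 for a DC
$ServerTrustAccount   = 0x2000    # 8192
$TrustedForDelegation = 0x80000   # 524288
$AccountDisable       = 0x2
$Expected = $ServerTrustAccount -bor $TrustedForDelegation   # 532480

$acct = Get-ADComputer -Identity $ProblemDc -Properties userAccountControl
$uac  = [int]$acct.userAccountControl
if ($uac -eq $Expected) {
    "userAccountControl OK: $uac"
} else {
    "userAccountControl MISMATCH: $uac (expected $Expected)"
    if (-not ($uac -band $ServerTrustAccount))   { "  SERVER_TRUST_ACCOUNT is missing" }
    if (-not ($uac -band $TrustedForDelegation)) { "  TRUSTED_FOR_DELEGATION is missing" }
    if ($uac -band $AccountDisable)              { "  ACCOUNTDISABLE is set" }
}

# Clock offset against the PDC emulator; Kerberos tolerates 5 minutes by default
$pdce  = (Get-ADDomain).PDCEmulator
$lines = w32tm /stripchart /computer:$pdce /samples:3 /dataonly 2>&1
# /dataonly sample lines look like "12:06:16, +00.0101235s"; keep the last sample
$match = $lines | Select-String -Pattern ', ([+-][0-9.]+)s' | Select-Object -Last 1
if (-not $match) {
    "w32tm could not sample $pdce (check RPC and network connectivity)"
} else {
    $seconds = [math]::Abs([double]$match.Matches[0].Groups[1].Value)
    if ($seconds -gt 300) {
        "Clock skew vs $pdce is {0:N1}s, which exceeds the 5-minute KDC tolerance (LDAP error 82 likely)" -f $seconds
    } else {
        "Clock skew vs $pdce is {0:N1}s, within tolerance" -f $seconds
    }
}
```

Run it as a domain administrator on the problem domain controller, or pass -ProblemDc with the name of the DC whose computer account is suspect.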
RPC Server Not Available Error
You may receive an error that says the RPC server is unavailable when you perform any of the following server-based tasks:
- Replication
- Winlogon service
- Enable trusted relationships
- Connect to domain controllers
- Connect to trusted domains
- User authentication
The RPC server unavailable error can occur for the following reasons:
- DNS problems
- Time synchronization problem
- RPC service is not running
- Network connectivity problem
Perform the following steps to resolve this error.
- Check that the target is functioning.
- Verify DNS for local, problem, or replica domain controllers.
- Resolve the DSA GUID in DNS by using the DNSLINT report.
- Ensure that HKLM/SYSTEM/CCS/Services/Dnscache/Parameters/NegativeCacheTime is set to 300 seconds (5 minutes). A high value prevents a domain controller from querying the DNS server.
- Stop and then start the DNS client.
- Ping the DSA GUID of the problem domain controller.
- If the RPC service is not running, start the RPC service. If the RPC service is running, stop and start the RPC service.
- Verify network connectivity and resolve any issues.