Process %1 (PID=%2). An LDAP search call returned a referral – Server=%3 Error code=%4. Base DN=%5, Filter=%6, Scope=%7.

Details
Product: Exchange
Event ID: 2394
Source: MSExchangeDSAccess
Version: 6.5.7596.0
Message: Process %1 (PID=%2). An LDAP search call returned a referral – Server=%3 Error code=%4. Base DN=%5, Filter=%6, Scope=%7.
   
Explanation

This Error event indicates that the Exchange server is unable to process Light-weight Directory Access Protocol (LDAP) requests through Directory Service Access (DSAccess) to query Active Directory information on domain controllers or global catalog servers.

This event may be caused because internal Domain Name System (DNS) servers are also configured as external servers on the domain controllers or global catalog servers. Since internal DNS servers are also configured as external DNS servers, LDAP response time may be slow and queries may return null data.

Note   Active Directory uses DNS as its domain controller location mechanism and leverages the namespace design of DNS in the design of Active Directory domain names.

This error could mean that LDAP read time and overall access to domain controllers from back-end and front-end Exchange servers is slow. Clients could therefore have slow e-mail access.

Note   Directory Service Access (DSAccess) is a shared API that is used by multiple components in Exchange Server 2003 to query Active Directory and obtain both configuration and recipient information. In addition, DSAccess maintains a cache that is used to minimize the load on Active Directory by reducing the number of Lightweight Directory Access Protocol (LDAP) requests that individual components send to Active Directory servers.

   
User Action

To resolve this error, do one or more of the following:

  • Set up an internal DNS server that Exchange can send LDAP requests to.

  • Check that DNS servers on domain controllers or global catalog servers have proper Service Location (SRV) locator resource records and are responding to SRV location requests.

Note   The SRV record is used to map the name of a service (in this case, the LDAP service) to the DNS computer name of a server that offers that service. In a Windows Server 2003 network, an LDAP resource record locates a domain controller.

For more information about verifying SRV records on DNS servers running Windows Server 2003, see Microsoft Knowledge Base article 816587, How to verify that SRV DNS records have been created for a domain controller.

Related:

Leave a Reply