Yeah, that is the conclusion that I have come to as well. I am
undergoing my ADRAP right now and I asked Kurt Falde the same question
and he pretty much told me that the server has gotta be bounced if none
of those tools help.
Thanks,
Nate
-Original Message-
From: [EMAIL PROTECTED]
Hi,
We are trying to set up secure LDAP queries
from the outside to AD for pulling email addresses but are running into an
issue. Port 636 has been opened up to our DCs but we get a 0x51 error
like the one shown below in this example of using adfind:
adfind -h dc1.abc.com:636 -u
David, I think you just about have to come up with another method. You mentioned earlier that your account lockout policies will unlock the account after a period of time meaning that, as JoeK pointed out, you'd have to constantly hit the account with bad attempts. That would certainly negate any
Check the firewall rules to ensure they are correct. Are the packets
even getting to the DC? Personally I doubt it.
M@
On 8/22/06, Thommes, Michael M. [EMAIL PROTECTED] wrote:
Hi,
We are trying to set up secure LDAP queries from the outside to AD for
pulling email addresses but are
Hey Mike,
When you say "It works fine behind
our firewall", are you meaning that the *exact same* command line works and you get the object
returned?
I tried using adfind to connect to my test
DC using port 636 and got the exact same error... but I don't have a
cert installed on my DC so I'd
Thommes, Michael M. wrote:
Hi,
We are trying to set up secure LDAP queries from the outside to AD
for pulling email addresses but are running into an issue. Port 636 has
been opened up to our DCs but we get a 0x51 error like the one shown
below in this example of using “adfind”:
Hi Robert,
Yes, the command is *exactly* the same. We are thinking
that our CRL location is not available outside of the firewall. We
generate our own certificates; we don't use a well known
provider.
Mike Thommes
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Al et. al.,
Yes, I definitely have some additional avenues to look down. The
original plan was to set the lockout bit, that didn't work. Next was to
set the lockoutTime to some future point in time with the anticipation that the
lockout bit will set itself, I have not had time yet to test
Mike,
I've been thinking of this answer
for a bit but had to research more to get the info I needed. I wish my
knowledge of Certificates was better, but it would seem there is a way to have
the client log something somewhere saying it can't get to the CRL... maybe
one of the smart folks will
I hate troubleshooting SSL but here it
goes...
First, have you installed the Cert Chain on the machine you
are querying AD from?
Second, is the DNS name of the DC you are querying exactly what
is in the DC's cert?
I don't think you need anything open other than 636. The
way the MSFT LDAP API
Are you publishing a CRL? If so then it must use the path to
the CRL that's specified in the certificate or it bombs out (latency to the
hosting CRL server will kill it too.. forgot the exact value). Why do you
need CRL checking on your DC's? Doesn't that make you question who is on your
DC's
You cannot remove a CDP extension from a specific
template - it is configured for all certs issued from the issuing
CA.
If he plans to have clients from outside his
network access the DC's of LDAPS - he should reconfigure the CA to include a CDP
which is available outside of his network.
Hi,
I have 2 email servers in 2 different
locations.
All of a sudden emails are not coming from
one server to the other, I found out that smtp queue folder was in a hard
drive that was running out of space.
Do you guys know what is the minimum
amount of HD space needed for the smtp
The recent discussion of LDAP queries from the outside brings to mind a
question regarding FERPA for those of us working in the education arena.
See http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
How do you deal with hiding directory data for individuals who have
elected to not have
minimum amount of HD space needed for the smtp to work?
It depends mostly on how busy is the server.
Also, if the hard drive gets full will that stop the queue from delivering the emails?
Of course.
Sincerely,
Thanks very much, I think my second question
was very easy :) but wanted to confirm it.
The problem now is that we have 500 mg in
the hard drive but the smtp queue is still not delivering the emails from one
server to the other.
We have 2 email servers, one holds domain1.com
and the
Just to add my $0.04 worth:
By the time you ask what's the minimum, it's usually too late and not enough. The SMTP queue drive should, as a general rule, not get below 10% free space. The way the product works, every smtp message is accepted then acted upon. What that means to you is that SMTP
Have you seen this already?
http://support.microsoft.com/kb/821910/
On 8/22/06, Ramon Linan [EMAIL PROTECTED] wrote:
Thanks very much, I think my second question was very easy
:) but wanted to confirm it.
The problem now is that we have 500 mg in the hard drive but the smtp queue is still
I don't guess I ever thought about moving
mailroot, but that is a really good idea. Here's an article that tells how to
do it just so no one has to go looking..
http://support.microsoft.com/?kbid=822933
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Al Mulnick
Thanks, I will start there... my biggest
problem is that I am new in this job and I still don't know how they have the
exchange servers configured, something that I am seeing in the event log is the
error
Event id 3017
A non-delivery report with a
status code of 5.3.5 was generated for
Obviously if the server is running out of space make sure
you remediate that first. Second, I would recommend if ServerA cannot
send to ServerB, but the reverse is NOT true, then I would suggest trying basic
SMTP commands to ServerA from ServerB. Check the
following:
1) Is the server
It all depends on the smtp traffic your company has...
And how fast your server processes mail..
in the MS doc "Exchange Server 2003 Design and Architecture at Microsoft"
MS uses a 50GB partition to hold the SMTP Queue.
In my opinion, it also depends who sends mail to the internet.
If you have a
Just to add that they also put 5000 Mailboxes of 250MB on the server.
50GB / 5000 mailboxes = 10,24 MB of smtp queue/mailbox on average.
Of course you will want a minimum size, anyway the number of mailboxes!
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Tuesday, August 22,
Thank everyone for the response... I am
going nuts here, everything is a mess.
For some reason I can't telnet into domain1
email server from domain2, not only that, domain1 has 2 smtp servers, one in
the port 6000 and the other in the port 25. Also I send an email to my personal
account
Here's what we do:
1. Have a script that goes through all users in the FERPA OU and removes the
ACE for Authenticated Users.
2. The account provisioning system uses a GUID for the CN instead of the
standard First+Last or username. This is necessary because even with step 1
you can still list the
This might be already tried, but did you
try running pkiview.msc from the machine? This checks the
availability of the CRL from the current client against the CRL locations of
http and/or AD.
I had an issue awhile back when trying to read a
http based CRL, that it could not connect due to