Thanks Pete.
Just in case anyone else is interested, I followed up with a MSFT CSS/PSS contact - this is indeed an issue being tracked and could affect "larger" customers. If you've got more than a thousand mail-enabled objects, you might want to hold off on installing MS08-03 (if you haven't already)! Here is my blog post on it, containing a tiny bit of additional information: http://theessentialexchange.com/blogs/michael/archive/2008/02/26/problem-bet ween-exchange-2007-and-ms08-03.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Kretche, Peter [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 26, 2008 5:01 PM To: MS-Exchange Admin Issues Subject: KB943484 (MS08-003) issue Anyone noticed this on their Exchange 2007 server(s)? Active Directory operation failed for <DC FQDN>. This error have been caused by user input or by the Active Directory server being unavailable. Please retry at a later time. Additional information: The directory service encountered an unknown failure. Active Directory response: 000020EF: SvcErr: DSID-020A0EA3, problem 5005 (UNALBE_TO_PROCEED), data 87. It was running command 'get-recipient -ResultSize '10000' -SortBy 'DisplayName' -RecipientType 'Usermailbox". If so, check your DC's for the February MS08-003 security patch KB943484. This patch limits the LDAP query capability to prevent DoS attacks. Apparently MS forgot to test Exchange 2007 against this patch. The patch is gone back in for some re-work and will be made available again sometime in March with the ability to change a reg value for the number of objects returned. I'm in no way advocating removing KB943484, just sharing information to keep fellow admins from pulling out their hair like I did today. ------------------------------------------------- Thank you, Pete Kretche MCP, A+ Network Systems Administrator UW - Green Bay Voice: 920.465.5014 Fax: 920.465.2864 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
