Microsoft KB Archive/261203

= Error Messages When Windows 2000 Client in Windows 2000 Domain Attempts to Open Active Directory Snap-in =

Article ID: 261203

Article Last Modified on 2/28/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition




This article was previously published under Q261203



SYMPTOMS
A Windows 2000 client in a Windows 2000 domain may not be able to open any Active Directory snap-ins. When the client attempts to open a snap-in, the following error messages may be displayed:

Active Directory Domains and Trusts: "The configuration information describing this enterprise is not available. Unspecified error."

Active Directory Sites and Services: "Naming information cannot be located because: Unspecified error. Contact your system administrator to verify that your domain is properly configured and is currently online."

Active Directory Users and Computers: "Naming information cannot be located because: Unspecified error. Contact your system administrator to verify that your domain is properly configured and is currently online."

Certification Authority: "The specified service does not exist as an installed service. 0x424 (1060)"

This problem can occur if the domain controller is running Routing and Remote Access (RRAS) with Network Address Translation (NAT) configured, or if the client is running Internet Connection Sharing (ICS).



CAUSE
This behavior occurs because of the H.323/Lightweight Directory Access Protocol (LDAP) proxy service that is included with NAT and ICS. The proxy misinterprets the query and resets the TCP connection.

The H.323/LDAP proxy service allows NAT/ICS clients to participate in H.323 and Microsoft NetMeeting conference calls and register themselves with an Internet Locator Service (ILS) server using LDAP from behind the NAT/ICS router.

The root cause of these error messages is that the LDAP proxy that is incorporated into NAT has a hard-coded limit of 64 KB on the LDAP protocol data unit (PDU) size. When domain-related LDAP traffic (which is often 300 KB or more in size) exceeds this limit, the H.323/LDAP proxy resets the connection.
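To see how large the LDAP PDUs in a capture are relative to the proxy's limit, the following added example (not part of the original article, and not Microsoft's code) reads each LDAPMessage's BER length header in a reassembled, one-direction LDAP byte stream and reports the PDUs above 64 KB. The function names, the reading of "64 KB" as 65,536 bytes, the choice to count header bytes toward the size, and the sample stream are assumptions made for illustration.

```python
# Added example: sizes LDAP PDUs from their BER headers (not Microsoft's code).
PROXY_PDU_LIMIT = 64 * 1024  # assumption: "64 KB" read as 65,536 bytes


def ldap_pdu_size(buf):
    """Total size (header + content) of the LDAPMessage at the start of buf,
    or None if buf is too short to hold the complete length field."""
    if len(buf) < 2:
        return None
    if buf[0] != 0x30:  # LDAPMessage is a universal, constructed SEQUENCE
        raise ValueError("not an LDAPMessage: tag 0x%02x" % buf[0])
    first = buf[1]
    if first < 0x80:  # short form: this byte is the content length
        return 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the content length
    if n == 0 or n > 4:  # LDAP forbids indefinite length; >4 bytes not handled
        raise ValueError("unsupported BER length encoding")
    if len(buf) < 2 + n:
        return None
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def oversized_pdus(stream, limit=PROXY_PDU_LIMIT):
    """Walk a reassembled, one-direction LDAP byte stream and return
    (offset, size) for every PDU whose size exceeds limit."""
    hits, offset = [], 0
    while offset < len(stream):
        size = ldap_pdu_size(stream[offset:offset + 6])
        if size is None:
            break  # capture ends inside a header
        if size > limit:
            hits.append((offset, size))
        offset += size
    return hits


def make_pdu(content_len):
    """Constructed sample data: SEQUENCE header plus zero-filled content."""
    if content_len < 0x80:
        header = bytes([0x30, content_len])
    else:
        raw = content_len.to_bytes((content_len.bit_length() + 7) // 8, "big")
        header = bytes([0x30, 0x80 | len(raw)]) + raw
    return header + bytes(content_len)


if __name__ == "__main__":
    # Constructed stream: a small PDU, a 300 KB PDU, then another small PDU.
    sample = make_pdu(40) + make_pdu(300 * 1024) + make_pdu(12)
    print(oversized_pdus(sample))
```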



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack



WORKAROUND
To work around this issue if you are using RRAS and NAT, use either of the following methods:

 * After the server is started, stop and restart the RRAS service. This resolves the issue until the next time you restart the computer.
 * A more permanent solution is to turn off the LDAP proxy (this action also turns off the H.323 proxy support). To turn off the LDAP proxy, type the following command at a command prompt:

netsh routing ip nat delete h323

For ICS users, you must implement RRAS in place of ICS because it is not possible to disable the LDAP proxy in ICS. If you need to turn the H.323 proxy back on, type the following command at a command prompt:

netsh routing ip nat add h323

NOTE: This action enables the LDAP proxy again, which results in the error message.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Windows 2000.

This problem was first corrected in Windows 2000 Service Pack 1.

Additional query words: mmc

Keywords: kbbug kbenv kberrmsg kbfix kbwin2000sp1fix KB261203


© Microsoft Corporation. All rights reserved.