Microsoft KB Archive/323542

= You Cannot Start the Active Directory Users and Computers Tool Because the Server Is Not Operational =

Article ID: 323542

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2

-



This article was previously published under Q323542



SYMPTOMS
Any of the following symptoms may occur:  When you try to start the Active Directory Users and Computers tool, you receive the following error message:

Naming Information cannot be located because:

The Server is not operational.

Contact your system administrator to verify that your domain is properly configured and is currently online.

 When you try to start the Active Directory Sites and Services tool, you receive the following error message:

Naming Information cannot be located because:

The server is not operational.

Contact your system administrator to verify that your domain is properly configured and is currently online.

 When you try to start the Active Directory Domains and Trusts tool, you receive the following error message:

The configuration information describing this enterprise is not available.

The server is not operational.

 Logon processing is very slow. If you have multiple domain controllers, you can connect with the Active Directory Users and Computers tool to another domain controller that has port 389 open without receiving an error message. But you cannot access a domain controller until port 389 is opened.



CAUSE
These issues may occur if TCP/IP filtering is configured to permit only port 80 for TCP/IP traffic.



RESOLUTION
Port 389 is used for Lightweight Directory Access Protocol (LDAP) connections. This port is blocked if TCP/IP filtering is configured incorrectly. By default, TCP/IP filtering is configured with the Permit All setting. To verify and correct this setting:
 * 1) Right-click My Network Places on the domain controller on which you cannot start Active Directory Users and Computers, and then click Properties.
 * 2) Click Internet Protocol, and then click Properties.
 * 3) Click Advanced.
 * 4) Click Options.
 * 5) Click TCP/IP Filtering, and then click Properties.
 * 6) For the TCP/IP Port setting, click Permit All.
 * 7) Restart the computer. This opens all TCP ports, including port 389.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

<div class="moreinformation_section">

MORE INFORMATION
For additional information about TCP/IP filtering, click the article number below to view the article in the Microsoft Knowledge Base:

309798 HOW TO: Configure TCP/IP Filtering in Windows 2000

Keywords: kberrmsg kbprb KB323542

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.