Microsoft KB Archive/932862

= Error messages after you install the BitLocker Drive Encryption schema updates in a Windows Server 2003 domain =

Article ID: 932862

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition

-



SYMPTOMS
You add BitLocker Drive Encryption schema updates in an Active Directory directory service forest. After you do this, you receive error messages that resemble the following in the System log on a Microsoft Windows Server 2003-based domain controller:

Error message 1

Event Type: Information

Event Source: NTDS General

Event Category: DS Schema

Event ID: 1464

Date:

Time: 6:18:43 PM

User: NT AUTHORITY\ANONYMOUS LOGON

Computer:

Description:

While searching for an index, Active Directory detected that a new index is needed for the following attribute.

Attribute: msFVE-VolumeGuid

New index name: INDEX_LP_9A278FB0_2C0A

Error message 2

Event Type: Error

Event Source: NTDS General

Event Category: DS Schema

Event ID: 1136

Date:

Time: 6:20:39 PM

User: NT AUTHORITY\ANONYMOUS LOGON

Computer:

Description:

Active Directory failed to create an index for the following attribute.

Attribute identifier: 2586283952

Attribute name: msFVE-VolumeGuid

These error messages occur as frequently as every five minutes. These errors are typically related to the msFVE-VolumeGuid schema object or to the msFVE-RecoveryGuid schema object.



CAUSE
This problem occurs if the following conditions are true:  The Active Directory domain that includes the BitLocker Drive Encryption schema updates contains Windows Server 2003-based domain controllers. One or more of the Windows Server 2003-based domain controllers are configured to use one of the following language locales.

For more information about multiple language support, click the following article number to view the article in the Microsoft Knowledge Base:

325622 Plan and configure multiple language support in Exchange 2000

Note To determine the language of a remote computer, examine the following registry subkey for the remote computer:





WORKAROUND
To work around this problem, you must determine which domain controller is the schema operations master, and then remove the containerized index for the msFVE-VolumeGuid schema object and for the msFVE-RecoveryGuid schema object. To do this, follow these steps:  On a domain controller, click Start, click Run, type cmd, and then click OK. To determine which domain controller is the schema operations master, type the following command at the command prompt, and then press ENTER:

netdom query fsmo

 Log on to the domain controller that is hosting the schema operations master role by using an account that is a member of the Schema Admins security group.

Note By default, the built-in Administrator account in the root domain of the forest is a member of the Schema Admins group. Click Start, click Run, type adsiedit.msc, and then click OK.

Note The ADSIEdit Microsoft Management Console (MMC) snap-in is included in the Windows Support Tools for Windows Server 2003. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=70775

</li> Open the Schema container, and then open the folder that contains the schema objects.</li> Double-click the msFVE-RecoveryGuid schema object.</li> In the schema object dialog box, click searchFlags, and then click Edit.</li> In the Integer Attribute Editor dialog box, change the value from 27 to 25, and then click OK two times.</li> Repeat steps 6 through 8 for the msFVE-VolumeGuid schema objects.</li></ol>

Note A container index is specified in the SearchFlags attribute of an Active Directory AttributeSchema object. When you update the SearchFlags attribute to remove the container index, you do not affect BitLocker Drive Encryption functionality.

<div class="moreinformation_section">

MORE INFORMATION
For more information about how Active Directory searches work, visit the following Microsoft Web site:

http://technet2.microsoft.com/WindowsServer/en/library/8196d68e-776a-4bbc-99a6-d8c19f36ded41033.mspx?mfr=true

For more information about how to index an attribute for a containerized search, visit the following Microsoft Web site:

http://technet2.microsoft.com/WindowsServer/en/library/ba98e0f3-2290-40ee-b964-c59a26588ce31033.mspx?mfr=true

To view the list of Locale ID (LCID) values that are assigned by Microsoft, visit the following Microsoft Web site:

http://www.microsoft.com/globaldev/reference/lcid-all.mspx

To obtain the BitLocker Drive Encryption schema, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=3a207915-dfc3-4579-90cd-86ac666f61d4&DisplayLang=en

Keywords: kbtshoot kbprb kbexpertiseinter KB932862

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.