Article ID: 932862
Article Last Modified on 10/11/2007
APPLIES TO
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
SYMPTOMS
You add BitLocker Drive Encryption schema updates in an Active Directory directory service forest. After you do this, you receive error messages that resemble the following in the System log on a Microsoft Windows Server 2003-based domain controller:
Error message 1
Error message 2
These error messages occur as frequently as every five minutes. These errors are typically related to the msFVE-VolumeGuid schema object or to the msFVE-RecoveryGuid schema object.
CAUSE
This problem occurs if the following conditions are true:
- The Active Directory domain that includes the BitLocker Drive Encryption schema updates contains Windows Server 2003-based domain controllers.
- One or more of the Windows Server 2003-based domain controllers are configured to use one of the following language locales.
Language - Country/Region Locale ID Hexadecimal Locale ID Decimal Arabic - Libya 1001 4097 Chinese - Singapore 1004 4100 German - Luxembourg 1007 4103 English - Canada 1009 4105 Arabic - Algeria 1401 5121 Chinese - Macao SAR 1404 5124 German - Liechtenstein 1407 5127 English - New Zealand 1409 5129 Arabic - Morocco 1801 6145 English - Ireland 1809 6153 Arabic - Oman 2001 8193 English - Jamaica 2009 8201 Arabic - Yemen 2401 9217 English - Caribbean 2409 9225 Arabic - Syria 2801 10241 English - Belize 2809 10249 Arabic - Lebanon 3001 12289 English - Zimbabwe 3009 12297 Arabic - Kuwait 3401 13313 English - Philippines 3409 13321 Arabic - U.A.E. 3801 14337 English - Indonesia 3809 14345 Arabic - Qatar 4001 16385 English - India 4009 16393 English - Malaysia 4409 17417 English - Singapore 4809 18441 Spanish - Guatemala 100a 4106 French - Switzerland 100c 4108 Croatian (Bosnia/Herzegovina) 101a 4122 Spanish - Costa Rica 140a 5130 French - Luxembourg 140c 5132 Bosnian (Bosnia/Herzegovina) 141A 5146 Spanish - Panama 180a 6154 French - Monaco 180c 6156 Arabic - Tunisia 1c01 7169 English - South Africa 1c09 7177 Spanish - Dominican Republic 1c0a 7178 French - West Indies 1c0c 7180 Spanish - Venezuela 200a 8202 French - Reunion 200c 8204 Spanish - Colombia 240a 9226 French - Democratic Rep. of Congo 240c 9228 Spanish - Peru 280a 10250 French - Senegal 280c 10252 Arabic - Jordan 2c01 11265 English - Trinidad 2c09 11273 Spanish - Argentina 2c0a 11274 French - Cameroon 2c0c 11276 Spanish - Ecuador 300a 12298 French - Cote d'Ivoire 300c 12300 Spanish - Chile 340a 13322 French - Mali 340c 13324 Spanish - Uruguay 380a 14346 French - Morocco 380c 14348 Arabic - Bahrain 3c01 15361 English - Hong Kong SAR 3c09 15369 Spanish - Paraguay 3c0a 15370 French - Haiti 3c0c 15372 Spanish - Bolivia 400a 16394 Spanish - El Salvador 440a 17418 Spanish - Honduras 480a 18442 Spanish - Nicaragua 4c0a 19466 Spanish - Puerto Rico 500a 20490 Spanish - United States 540a 21514 Spanish - Latin America e40a 58378 French - North Africa e40c 58380 For more information about multiple language support, click the following article number to view the article in the Microsoft Knowledge Base:
325622 Plan and configure multiple language support in Exchange 2000
Note To determine the language of a remote computer, examine the following registry subkey for the remote computer:HKEY_LOCAL_MACHINE\Software\Microsoft\NTDS\Language
WORKAROUND
To work around this problem, you must determine which domain controller is the schema operations master, and then remove the containerized index for the msFVE-VolumeGuid schema object and for the msFVE-RecoveryGuid schema object. To do this, follow these steps:
- On a domain controller, click Start, click Run, type cmd, and then click OK.
- To determine which domain controller is the schema operations master, type the following command at the command prompt, and then press ENTER:
netdom query fsmo
- Log on to the domain controller that is hosting the schema operations master role by using an account that is a member of the Schema Admins security group.
Note By default, the built-in Administrator account in the root domain of the forest is a member of the Schema Admins group. - Click Start, click Run, type adsiedit.msc, and then click OK.
Note The ADSIEdit Microsoft Management Console (MMC) snap-in is included in the Windows Support Tools for Windows Server 2003. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, visit the following Microsoft Web site: - Open the Schema container, and then open the folder that contains the schema objects.
- Double-click the msFVE-RecoveryGuid schema object.
- In the schema object dialog box, click searchFlags, and then click Edit.
- In the Integer Attribute Editor dialog box, change the value from 27 to 25, and then click OK two times.
- Repeat steps 6 through 8 for the msFVE-VolumeGuid schema objects.
Note A container index is specified in the SearchFlags attribute of an Active Directory AttributeSchema object. When you update the SearchFlags attribute to remove the container index, you do not affect BitLocker Drive Encryption functionality.
MORE INFORMATION
For more information about how Active Directory searches work, visit the following Microsoft Web site:
For more information about how to index an attribute for a containerized search, visit the following Microsoft Web site:
To view the list of Locale ID (LCID) values that are assigned by Microsoft, visit the following Microsoft Web site:
To obtain the BitLocker Drive Encryption schema, visit the following Microsoft Web site:
Keywords: kbtshoot kbprb kbexpertiseinter KB932862