Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Directory Service Access (DSAccess) has been configured to use the Lightweight Directory Access Protocol (LDAP) Microsoft Windows® operating system implementation (wLDAP) protocol:

HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\MSExchangeDSAccess\ LdapKeepAliveSecs

If the Exchange Server Analyzer finds that LdapKeepAliveSecs is present and configured with a value of 0, a non-default configuration message is displayed.

After DSAccess discovers the Active Directory® directory service topology, it determines whether the discovered list of working domain controllers and global catalog servers is suited for use. During initial discovery and ongoing rediscovery, DSAccess determines server suitability by running a series of tests. By default, one of the suitability tests uses the Internet Control Message Protocol (ICMP) to ping domain controllers to verify that the servers are available.

Not all connections in your network may support ICMP. A specific example of this situation is in a perimeter network where ICMP connectivity between the Exchange server and domain controllers is not permitted. For these cases, setting the LdapKeepAliveSecs registry parameter to 0 will force DSAccess to use the Windows implementation of LDAP (wLDAP) for suitability tests.

If the Exchange server that generated the non-default configuration message is in a perimeter network where remote procedure call (RPC) is disabled or in a network where ICMP is not allowed, you should keep the LdapKeepAliveSecs key configured as it is. Otherwise, you should delete the key.

This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.

To delete the LdapKeepAliveSecs key

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess

  3. Delete the value called LdapKeepAliveSecs.

  4. Close the registry editor. You do not have to restart any services to make the change take effect.

Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (

For more information about the LdapKeepAliveSecs registry key, see the Knowledge Base article 320529, "XADM: Using DSAccess in a Perimeter Network Firewall Scenario Requires a Registry Key Setting" (