Maximum LDAP read latency has exceeded 100 milliseconds

Topic Last Modified: 2007-09-19

The Microsoft Exchange Analyzer tool includes a performance data collection engine that is used to query performance counter objects on computers that are running Exchange 2000 Server or Exchange Server 2003. The performance data collection engine collects data from the LDAP Read Time performance counter of the MSExchangeDSAccess Process performance object to analyze performance data.

The LDAP Read Time performance counter shows the time in milliseconds that it takes a Lightweight Directory Access Protocol (LDAP) read request to be fulfilled. The Exchange Analyzer retrieves a sample every 5 seconds for 5 minutes. The Exchange Analyzer then reports the maximum value for the performance counter during the collection interval. If the maximum value exceeds 100 milliseconds, the Exchange Analyzer displays an error.

High LDAP read latencies can be caused by high remote procedure call (RPC) latencies and by increasing queues. High LDAP read latencies generally indicate one of the following problems:

A performance problem with the network connection to the domain controller.
Performance problems with the domain controller itself.

Note:
LDAP latencies are generally higher when users connect to domain controllers that are located in different physical sites. However, the recommended maximum latencies stated in this article should generally be followed. Exchange servers will query out-of-domain global catalog servers every 15 minutes to keep an up-to-date list of global catalog servers and Domain Controllers. Because some of these directory servers may be remote, the latencies on these queries may be high. This is acceptable as long as the requests are infrequent, that is, the rate is less than 0.5 requests a second.

Note:

LDAP latencies are generally higher when users connect to domain controllers that are located in different physical sites. However, the recommended maximum latencies stated in this article should generally be followed.

Exchange servers will query out-of-domain global catalog servers every 15 minutes to keep an up-to-date list of global catalog servers and Domain Controllers. Because some of these directory servers may be remote, the latencies on these queries may be high. This is acceptable as long as the requests are infrequent, that is, the rate is less than 0.5 requests a second.

If the domain controller that has logged this error is located in a different physical site, you may be able to safely ignore this error if you can determine whether the domain controller that reports this error is not used by the Exchange server. One way to determine whether a domain controller is used by Exchange is to increase diagnostic logging for the Topology component of the MSExchangeDSAccess service to Minimum. If you do not see MSExchangeDSAccess event ID event 2080, you can safely ignore this error.

Important:
For mixed mode environments only, behavior was introduced around the Exchange 2000 SP2 timeframe for certain specific security related user attributes like tokenGroups and tokengroupsGlobalandUniversal, used to determine what security groups a user is a member of and therefore what permissions s/he has to secure resources such as public folders, that requires the Exchange server to query a domain controller that is authoritative for the user’s home domain. The authoritative domain controller may be in a remote site and queries from lots of remote homed domain users accessing local public folders could contribute to high RPC latencies.

Important:

For mixed mode environments only, behavior was introduced around the Exchange 2000 SP2 timeframe for certain specific security related user attributes like tokenGroups and tokengroupsGlobalandUniversal, used to determine what security groups a user is a member of and therefore what permissions s/he has to secure resources such as public folders, that requires the Exchange server to query a domain controller that is authoritative for the user’s home domain. The authoritative domain controller may be in a remote site and queries from lots of remote homed domain users accessing local public folders could contribute to high RPC latencies.

For more information about this behavior, see the following Exchange Server blog topic "Exchange Does Not Always Use Local GCs" (http://go.microsoft.com/fwlink/?LinkId=69166).

Note:
Links to blogs are provided to help you find the technical information you need. The content of each blog and its URL are subject to change without notice.

To resolve this error, do the following:

Verify that all network connections to the domain controller are functional and support Internet Control Monitoring Protocol (ICMP) traffic.
Consider the best practices in the following articles:
- For information about the LDAP Read Time performance counter and other counters you can use to troubleshoot Active Directory-bound problems, see the "Ruling Out Active Directory-Bound Problems" topic in Troubleshooting Microsoft Exchange Server Performance (http://go.microsoft.com/fwlink/?LinkId=47588). This article also includes information about how to improve Active Directory performance.
- For more information about how to maximize Active Directory performance, see the "Active Directory Integration Tuning" topic in the Performance and Scalability Guide for Exchange Server 2003 (http://go.microsoft.com/fwlink/?LinkId=47576).
- For information about making sure of high availability for your Active Directory servers, see the sections under Ensuring Reliable Access to Active Directory and Domain Name System in the "System-Level Fault Tolerant Measures" topic of the Exchange 2003 High Availability Guide (http://go.microsoft.com/fwlink/?LinkId=47571).
- For information about network bandwidth considerations, see the Network Performance section of the "Understanding Exchange Performance" topic in the Performance and Scalability Guide for Exchange Server 2003 (http://go.microsoft.com/fwlink/?LinkId=47576).