Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Directory Service Access (DSAccess) has been configured to use the Lightweight Directory Access Protocol (LDAP) Microsoft Windows® operating system implementation (wLDAP) protocol:

HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\MSExchangeDSAccess\ LdapKeepAliveSecs

If the Exchange Server Analyzer finds that LdapKeepAliveSecs is present and configured with a value other than 0, a warning is displayed.

After DSAccess discovers the Active Directory® directory service topology, it determines whether the discovered list of working domain controllers and global catalog servers is suited for use. During initial discovery and ongoing rediscovery, DSAccess determines server suitability by running a series of tests. By default, one of the suitability tests uses the Internet Control Message Protocol (ICMP) to ping domain controllers to verify that the servers are available.

Not all connections in your network may support ICMP. A specific example of this situation is in a perimeter network where ICMP connectivity between the Exchange server and domain controllers is not permitted. For these cases, setting the LdapKeepAliveSecs registry parameter to 0 will force DSAccess to use wLDAP for suitability tests.

If the Exchange server that generated this warning is in a perimeter network where remote procedure call (RPC) is disabled or in a network where ICMP is not allowed, set the LdapKeepAliveSecs key to 0. Otherwise, you should delete the key. Any value that is not zero is not a supported value for this registry key.

Important:
This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.

To modify the LdapKeepAliveSecs key

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess

  3. Double-click the LdapKeepAliveSecs key, and set the DWORD value to 0 (zero).

  4. Close the registry editor. You do not have to restart any services to make the change take effect.

To delete the LdapKeepAliveSecs key

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess

  3. Delete the value called LdapKeepAliveSecs.

  4. Close the registry editor. You do not have to restart any services to make the change take effect.

Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).

For more information about the LdapKeepAliveSecs registry key, see the Knowledge Base article 320529, "XADM: Using DSAccess in a Perimeter Network Firewall Scenario Requires a Registry Key Setting" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=320529).