Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Directory Service Access (DSAccess) has been configured to use a non-default ping protocol:

HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\MSExchangeDSAccess\DisableNetLogonCheck

If the Exchange Server Analyzer finds DisableNetLogonCheck is present and configured with a value greater than 0, a non-default configuration message is displayed.

After DSAccess discovers the Active Directory® directory service topology, it determines whether the discovered domain controllers and global catalog servers are suited for use. During initial discovery and ongoing rediscovery, DSAccess determines server suitability by running a series of tests. One test sends a remote procedure call (RPC) to the directory server to test its general suitability. In a perimeter network scenario where RPC traffic is typically not allowed, the DSAccess RPC request fails. However, DSAccess continues to issue RPCs until it fails, which can take a long time. Such repeated checks can adversely affect the performance of computers that are running Exchange Server. For this reason, administrators frequently add the DisableNetLogonCheck registry key and configure it with a value of 1 on Exchange servers located on a perimeter network.

If the Exchange server that generated the non-default configuration message is in a perimeter network where RPC is disabled, or if you have determined that you do not want DSAccess to perform this suitability test, you should set the DisableNetLogonCheck key to 1. Otherwise, you should delete the DisableNetLogonCheck key.

Important:
This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.

To use the DisableNetLogonCheck key

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess

  3. Double-click the DisableNetLogonCheck key, and set the DWORD value to 1.

  4. Close the registry editor. You do not have to restart any services to make the change take effect.

To delete the DisableNetLogonCheck key

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess

  3. Delete the value called DisableNetLogonCheck.

  4. Close the registry editor. You do not have to restart any services to make the change take effect.

Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).

For more information about the DisableNetLogonCheck registry key, see the Knowledge Base article 320228, "XGEN: The DisableNetLogonCheck Registry Value and How to Use It" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=320228).