Internal event: The LDAP server returned an error. Error value: 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT)

Sean Kuchle 41 Reputation points
2020-10-14T19:37:20.077+00:00

Following the advice in the 2020 LDAP Channel binding and LDAP signing requirements, I changed the LdapEnforceChannelBinding to 1 and set the logging level to 2. Now I'm getting information log entries in the Directory Services log like the ones below. They reference my 2 domain controllers, which scares me a little. I've run DCDIAG and it does not come up with any errors. I've also checked replication using AD Replication Status Tool 1.0 and it also comes up clean. I just want to make sure this is not a sign of a larger problem.

Internal event: The LDAP server returned an error.

Additional Data
Error value:
0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=DC1,CN=Servers,CN=1-Office,CN=Sites,CN=Configuration,DC=LocalDomain,DC=local'

AND

Internal event: The LDAP server returned an error.

Additional Data
Error value:
0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=DC2,CN=Servers,CN=2-Office,CN=Sites,CN=Configuration,DC=LocalDomain,DC=local'


15 answers

  1. Dave Patrick 426.2K Reputation points MVP
    2020-10-14T19:46:40.79+00:00

  2. Sean Kuchle 41 Reputation points
    2020-10-14T20:03:28.31+00:00

    Thank you for your reply, @Dave Patrick. I did see the article, but it seemed a bit dated. As I'm sure more and more people will be enabling logging, I thought there had to be a bit more info out there.


  3. Dave Patrick 426.2K Reputation points MVP
    2020-10-14T20:12:54.017+00:00

    You may need to do a network capture. It looks like the request is targeting some object that doesn't exist. It is likely not fatal, as you said the dcdiag and repadmin come back clean.

    --please don't forget to Accept as answer if the reply is helpful--


  4. Sean Kuchle 41 Reputation points
    2020-10-15T18:57:23.587+00:00

    Thank you for your time. It is going to be difficult for me to set up a capture on that server. But I'm glad it seems like it shouldn't be an issue. The error below is also coming up often in the Directory Services log. Does it mean anything in conjunction with the original error? (random number of duplicates)

    Duplicate event log entries were suppressed.

    See the previous event log entry for details. An entry is considered a duplicate if the event code and all of its insertion parameters are identical. The time period for this run of duplicates is from the time of the previous event to the time of this event.

    Event Code:
    400005ff
    Number of duplicate entries:
    1


  5. Dave Patrick 426.2K Reputation points MVP
    2020-10-15T18:59:12.523+00:00

    Please post the source and event ID

    --please don't forget to Accept as answer if the reply is helpful--
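
The two kinds of Directory Services entries quoted in this thread can be tallied per target object. The following is an added example, not code from any poster or from Microsoft. It assumes the event message bodies have already been exported as strings, oldest first; the function names and the order of the sample entries are constructed for illustration.

```python
import re
from collections import Counter

# Matches the "Error value:" line quoted in the thread; the DN part is optional.
ERROR_RE = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>-?\d+)"
    r"(?:, best match of:\s*'(?P<dn>[^']*)')?")
DUP_RE = re.compile(r"Event Code:\s*(?P<code>[0-9A-Fa-f]{8})\s*"
                    r"Number of duplicate entries:\s*(?P<n>\d+)")

def parse_event(message):
    """Classify one event message body as ldap_error, duplicates or other."""
    m = ERROR_RE.search(message)
    if m:
        return {"type": "ldap_error", **m.groupdict(), "code_dec": int(m["code"], 16)}
    m = DUP_RE.search(message)
    if m:
        code = int(m["code"], 16)
        # General Windows message-identifier layout: top 2 bits are the
        # severity (1 = informational), low 16 bits are the event ID.
        return {"type": "duplicates", "severity": code >> 30,
                "event_id": code & 0xFFFF, "count": int(m["n"])}
    return {"type": "other"}

def summarize(messages):
    """Count occurrences per (error name, best-match DN), oldest message first.
    Suppressed duplicates are credited to the entry logged just before them."""
    totals, last_key = Counter(), None
    for message in messages:
        rec = parse_event(message)
        if rec["type"] == "ldap_error":
            last_key = (rec["name"], rec["dn"])
            totals[last_key] += 1
        elif rec["type"] == "duplicates":
            if last_key is not None:
                totals[last_key] += rec["count"]
        else:
            last_key = None  # duplicates that follow belong to another event
    return totals

# Constructed sample: message texts taken from the thread, in an assumed order.
ERR = ("Internal event: The LDAP server returned an error.\n\nAdditional Data\n"
       "Error value:\n0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), "
       "data 0, best match of:\n'CN=%s,CN=Servers,CN=%s,CN=Sites,"
       "CN=Configuration,DC=LocalDomain,DC=local'")
DUP = ("Duplicate event log entries were suppressed.\n\nSee the previous event log "
       "entry for details.\n\nEvent Code:\n400005ff\nNumber of duplicate entries:\n1")
SAMPLE = [ERR % ("DC1", "1-Office"), DUP, ERR % ("DC2", "2-Office")]
```

Calling `summarize(SAMPLE)` returns a counter keyed by error name and best-match DN, which shows at a glance whether the NO_OBJECT lookups cluster on a few directory paths.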
