This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 57.00000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Following the advice in the 2020 LDAP Channel binding and LDAP signing requirements I changed the LdapEnforceChannelBinding to 1 and set the logging level to 2. Now I'm getting information log entries in the Directory Services log like the below. It references my 2 domain controllers which scares me a little. I've run DCDIAG and it does not come up with any errors. I've also checked replication using AD Replication Status Tool 1.0 and it also comes up clean. I just want to make sure this is not a sign of a larger problem
Internal event: The LDAP server returned an error.
Additional Data
Error value:
0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=DC1,CN=Servers,CN=1-Office,CN=Sites,CN=Configuration,DC=LocalDomain,DC=local'
AND
Internal event: The LDAP server returned an error.
Additional Data
Error value:
0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=DC2,CN=Servers,CN=2-Office,CN=Sites,CN=Configuration,DC=LocalDomain,DC=local'
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Vicky
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 95%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
I am getting the same error when attemtping to install the CRL file for the domain from an offline CA that is replacing a deprecated CA. Cant find any information about the error anywhere.
Hi,
Just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
Vicky
Hello @Vicky Wang this week has gotten a bit away from me but I'm hoping to keep this open till I run the trace
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Vicky
I'm so sorry for the delayed response I was finally able to get a capture. It appears it the other Domain controller that is asking for this info which is really odd seeing as it should have it.
--I only have 2 domain controllers in 2 different sites / networks connected via a Brach Office VPN.
Checked the AD Replication Status tool and I get no errors.
Any where else I could check to make sure everything is healthy?
Thanks
Sean
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 24%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I am seeing this exact same thing in my event logs. The only difference is that both of my domain controllers are in the same site/subnet. Especially as these register as "Information" events, not even errors, I'll bet that many (or perhaps all) enterprises are getting this, but just not noticing it because who has time to dig through event logs for no specific reason?
The one warning event I'm getting in the Directory Service log is like (event ID 1216)
Internal event: An LDAP client connection was closed because of an error.
Client IP:
some IP address:51668
Additional Data
Error value:
1236 The network connection was aborted by the local system.
Internal ID:
c060410
I even got one with the local machine's (domain controller's) IP address. So, it is having an error connecting to itself?
The original poster's event is ID 1535.