Share via

Error processing control

Roger Roger 6,286 Reputation points
2024-10-09T04:02:12.01+00:00

Hi all,

One of my applications is experiencing an issue connecting to the domain controller. They are encountering the following error in the application: [LDAP: error code 12 - 00000057: LdapErr: DSID-0C090D34, comment: Error processing control].

Could you please guide me on what errors to check on the Domain Controller? Also, how can I increase the MaxResultSetSize on the Domain Controller? I have 10 DCs, and the application is connecting to one DC. If I increase the MaxResultSetSize on one DC, will that be sufficient, or do I need to increase it on all DCs?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,768 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,512 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,133 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,578 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,842 questions
0 comments
Accepted answer
  1. Sergei Kozlov 300 Reputation points
    2024-10-09T06:21:43.9033333+00:00

    You's situation can happen if the server does not support the control or if the control is not appropriate for the operation type.

    1. Verify Supported Controls: Ensure that the domain controller supports the control being requested. You can check the supported controls in the rootDSE.
    2. Check Parameters: Make sure that the parameters being passed with the control are correct and appropriate for the operation.
    3. Review Event Logs: Look at the event logs on the domain controller for any additional error messages or warnings that might provide more context.

      Increasing MaxResultSetSize:

      To increase the MaxResultSetSize on a Domain Controller, you can use the ntdsutil tool. Here are the steps:
      1. Open Command Prompt: Run as Administrator.
      2. Start ntdsutil: Type ntdsutil and press Enter.
      3. Enter LDAP Policies: Type ldap policies and press Enter.
      4. Connect to Server: Type connections and press Enter, then connect to server <YourServerName> and press Enter.
      5. Set MaxResultSetSize: Type q to return to the LDAP policies menu, then set MaxResultSetSize to <NewSize> and press Enter.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yanhong Liu 10,390 Reputation points Microsoft Vendor
    2024-10-10T03:20:58.2733333+00:00

    Hello,

    The error you’re encountering, [LDAP: error code 12 - 00000057: LdapErr: DSID-0C090D34, comment: Error processing control] , indicates an issue with LDAP control processing, which might be caused by several factors, such as invalid LDAP controls being sent, insufficient permissions, or various other misconfigurations.

    Steps to Check Errors on the Domain Controller:

    1. Check Event Logs:
      • Open the Event Viewer on the domain controller.
      • Navigate to Windows Logs > Directory Service.
      • Look for any errors or warnings that might be related to LDAP or the specific application.
    2. Verify LDAP Bind Permissions:
      • Ensure that the account used by the application to bind to the LDAP server has the necessary permissions.
    3. Review Application Configuration:
      • Check the application’s LDAP configuration. Ensure that it is correctly pointed to the appropriate DN (Distinguished Name), and that any LDAP controls or filters are correctly formatted.
    4. Inspect Network Connectivity:
      • Verify network connectivity between the application server and the domain controller.

    Increasing the MaxResultSetSize:

    The MaxResultSetSize is a parameter that controls the maximum number of entries returned in a search result set. Increasing this value can help if the application is hitting the limit during its queries.

    • Open ADSI Edit and connect to the Configuration container.
    • Navigate to CN=Query-Policies,CN=Directory Service,CN=Windows NT, CN=Services,CN=Configuration,DC=<YourDomain>, DC=<com>.
    • Right-click on CN=Default Query Policy and select Properties.
    • Look for the maxResultSetSize attribute and modify its value accordingly.

    If your application is configured to connect to any DC in your environment, it is advisable to increase the MaxResultSetSize on all Domain Controllers to ensure consistency across your environment.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.