@Scooter133: This error is logged if ORF cannot detect the default Active Directory LDAP path (a.k.a. rootDSE) for the Active Directory-based Recipient Validation feature, thus it cannot check the valid recipient addresses. This should work automatically if the server ORF runs on is a domain member, but if it does not, you can work this around by setting the LDAP path manually:
1. Start the ORF Administration Tool
2. Expand Configuration / Tests / Recipient Validation in the left navigation tree
3. Click the "Configure selected" button under "Validation source: Microsoft Active Directory"
4. On the Directory tab select "Use the LDAP root specified below" and submit your LDAP root string.
If you have multiple domains (or child domains), using a GC:// instead of LDAP:// in the LDAP path will be needed (e.g. GC://servername/DC=domain,DC=com where servername is the name of your global catalog server). In case you have multiple domains in the same forest rather than child domains, the LDAP root should be GC://servername.
5. Set the authentication info (if your Active Directory requires authentication) on then Authentication tab
Note that the user name format required may depend on your AD settings, for example, it can be DOMAIN\user, or user. If none of them works, try with blank user name and password fields or with authentication disabled
6. Finally, click OK and save your settings by pressing Ctrl + S (or select Configuration | Save Configuration from the main menu)
1. Start the ORF Administration Tool
2. Expand Configuration / Tests / Recipient Validation in the left navigation tree
3. Click the "Configure selected" button under "Validation source: Microsoft Active Directory"
4. On the Directory tab select "Use the LDAP root specified below" and submit your LDAP root string.
If you have multiple domains (or child domains), using a GC:// instead of LDAP:// in the LDAP path will be needed (e.g. GC://servername/DC=domain,DC=com where servername is the name of your global catalog server). In case you have multiple domains in the same forest rather than child domains, the LDAP root should be GC://servername.
5. Set the authentication info (if your Active Directory requires authentication) on then Authentication tab
Note that the user name format required may depend on your AD settings, for example, it can be DOMAIN\user, or user. If none of them works, try with blank user name and password fields or with authentication disabled
6. Finally, click OK and save your settings by pressing Ctrl + S (or select Configuration | Save Configuration from the main menu)
Krisztian Fekete (ORF Team)
(July 30, 2010)
in response to this post
in response to this post
It only happens for 2 minutes or so in a day and maybe 1-2 times a week if that. We get 40-60k e-mails a month and it is working otherwise...
So maybe the roodDSE that it thinks is the right one is busy?
So maybe the roodDSE that it thinks is the right one is busy?
Scooter133
(July 31, 2010)
@Scooter133: It is hard to tell. I guess something happens with the AD server periodically (it syncs with another server, or getting updated, or something like that) and it is unavailable for these short periods. I'd cross reference the ORF logs with the Windows Event Log messages to check what was going on the AD server when ORF logged these errors.
Krisztian Fekete (Vamsoft)
(August 1, 2010)
in response to this post
in response to this post
Does ORF log the server it is trying to Sync with? We have several AD DCs and it would be easier if I could narrow it down.
Thanks,
Thanks,
Scooter133
(August 2, 2010)
@Scooter133: ORF does not log the server name, but you can easily identify it by downloading our AD test tool from http://www.vamsoft.com/downloads/adtest.zip, extracting it to a folder on the server ORF is installed to, running the executable called "adtest.exe", and clicking the "Get LDAP root" button. This will show you the very same LDAP path ORF detects automatically (and uses for Recipient Validation).
Krisztian Fekete (ORF Team)
(August 2, 2010)
in response to this post
in response to this post
Looks like it cannot communicate with a DC??
NOTIFICATION - ORF Enterprise Edition
===================================================================
The following event has occurred:
Server : <exchange Server>
Class : System
Action : -
Severity : Error
Source : MSEXCHANGE
Filtering point : BeforeArrival
Related IP : 123.24.99.188
Sender :
Recipient(s) : <email Address>
Email Subject : -
Description:
=================
Error validating the recipient "<email Address>" (source: Active Directory). Getting rootDSE failed. EAccessViolation/Access violation at address 005A1C14 in module 'orfeesvc.exe'. Read of address 00000000.