Platform SDK: Active Directory, ADSI, and Directory Services

Using LDAP Error Codes to Troubleshoot Problems

LDAP error codes can be very helpful in troubleshooting a problem with an ADSI application. There are two ways to find LDAP error codes returned from an Exchange Server.

  1. Perform a network packet trace between the client computer and the server.

    This option can only be used when the LDAP client and the LDAP server are on different machines. With a tool such as the Microsoft Network Monitor, capture all packets between the two machines. Looking at the capture file, you will see the LDAP bind requests and responses, LDAP search requests and responses, and so on. Each response contains an error code. This error code can be found using the LDAP parser included with the Network Monitor.

  2. Increase the diagnostics logging level for the LDAP interface on the Exchange Server.

To increase the diagnostics logging level

  1. In the Exchange Administrator application, highlight the server in the left pane.
  2. In the right pane there should be an object called Directory Service. Double-click this object.
  3. On the Diagnostics Logging tab, set the logging level of the LDAP interface to Maximum.
  4. Look in the application event log for an error event. Event 1354 from MSExchangeDS should be logged, with the error number given in the description field of the event. The description should look something like: "LDAP search request failed with error: 16." This is the decimal representation of the LDAP error code. The hexadecimal LDAP error code is 0x10.
  5. Once you have the error code, you can look in RFC 2251 or WINLDAP.H for its meaning. For example, LDAP error code 0x10 is LDAP_NO_SUCH_ATTRIBUTE.
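
Both routes above end at the same number, which the following Python sketch recovers from either source. It is an added example, not Platform SDK code. It reads the resultCode from a captured LDAP response and from an event 1354 description, then names it. The name table is a subset of WINLDAP.H, the sample packet is constructed, and the event pattern assumes the wording quoted in step 4.

```python
import re

# Subset of result codes as named in WINLDAP.H (values defined by RFC 2251).
WINLDAP_NAMES = {
    0x00: "LDAP_SUCCESS", 0x01: "LDAP_OPERATIONS_ERROR",
    0x02: "LDAP_PROTOCOL_ERROR", 0x03: "LDAP_TIMELIMIT_EXCEEDED",
    0x04: "LDAP_SIZELIMIT_EXCEEDED", 0x10: "LDAP_NO_SUCH_ATTRIBUTE",
    0x20: "LDAP_NO_SUCH_OBJECT", 0x31: "LDAP_INVALID_CREDENTIALS",
    0x32: "LDAP_INSUFFICIENT_RIGHTS",
}
# Response ops that start with an LDAPResult:
# bind, search done, modify, add, delete, modify DN, compare.
RESULT_OPS = {0x61, 0x65, 0x67, 0x69, 0x6B, 0x6D, 0x6F}

def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def code_from_response(pdu):
    """Return the resultCode of one LDAPMessage, or None if its op has none."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(body, 0)          # messageID INTEGER
    op, op_body, _ = read_tlv(body, pos)   # protocolOp, [APPLICATION n]
    if op not in RESULT_OPS:               # e.g. 0x64 search result entry
        return None
    tag, value, _ = read_tlv(op_body, 0)   # first field of LDAPResult
    if tag != 0x0A:
        raise ValueError("expected ENUMERATED resultCode")
    return int.from_bytes(value, "big")

def code_from_event(description):
    """Extract the decimal code from an event 1354 description string."""
    m = re.search(r"failed with error:\s*(\d+)", description)
    return int(m.group(1)) if m else None

def describe(code):
    return f"{code} (0x{code:02X}) {WINLDAP_NAMES.get(code, 'not in this subset')}"

# Constructed search-done response: messageID 2, resultCode 16, empty strings.
SAMPLE_PDU = bytes.fromhex("300c02010265070a011004000400")
SAMPLE_EVENT = "LDAP search request failed with error: 16."  # wording from step 4
```

Search result entries carry no result code, so `code_from_response` returns `None` for them; only the final search-done message of a search reports the outcome.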