LDAP works but get -17709 error

[Michael Barsoom]

I was able to configure the LDAP server with help from my IT department. It
appears to work just fine, however I keep getting a -17709 error when it
first accesses the LDAP. I dismiss the error and I am able to find names in
the address book. What do I have to do to stop getting this error message.

Mike

 

[Ouch]

Mike, there are a number of reasons for this error, but the most likely
cause is the number results shown is too low. By default its set to
100, a good number for a large enterprise is 500. Ed

 

[Boettcher, Scott]

Also, try removing any entries in the "search base" field.

SB

 

[Nathan Herring [MSFT]]

kLDAP_ResponseUnexpectedMessageID is our internal code for error -17709.
Whenever an LDAP client makes a request to the LDAP server, it needs to make
a new message ID, so that when the LDAP server returns the results, it
annotates them with the message ID of the request, in case multiple requests
get put in at the same time. We are getting back a message ID from the
server that isn't one we expect. It's hard to know whether it's because it's
a message that we already processed or just a random ID or whether it's a
bug.

Is this regularly reproducable?

-nh

 

[Michael Barsoom]

Nathan

It occurs every time I access the directory. I did make a directory only
account and that one works fine, but when I use the one linked to my
exchange account (even though both are configured the same) I get the -17709
error. I assume that this means it is a bug in entourage.

Mike

 

[Nathan Herring [MSFT]]

I wouldn't make that assumption just yet. Would you mind getting a network
sniff from your LDAP server communication? From that, I should be able to
piece together what is going on, so long as it isn't hidden by SSL.

sudo tcpdump -i en0 -s 0 -w ldapsniff.dmp port 389 or port 3268

The dump file can be re-read by tcpdump to show the contents of the sniffs.
I use the "-x" flag to show hex output. Also, if your interface isn't the
default ethernet, you'll need to use that designator instead of "en0". My
airport is "en1". ifconfig will list all the various interfaces, though most
of them aren't useful for this purpose.

-nh

 

[O'Keefe, John]

I get this error also, but not all the time. Our IT people say it may be
that Entourage is impatient- they think the server is not responding quickly
enough, which explains why Entourage reports the error on initial startup
but works find when doing a search.

 

[Michael Barsoom]

John,

Try this, make a directory only account using the exact same settings. For
me I don't get the error. I only get the error with the GAL search
associated with my outlook account.

Mike