Re: "Critical extension is unavailable"




"Critical extension is unavailable" occurs when one of the controls the LDAP app is using isn't available. Most apps run into this when trying to sort a record set and the attribute being used doesn't conform to some criteria and then exceeds the tempdb size. It can be other things as well; if you can give details on the query (filter, base, scope) and the controls being used, we can be more helpful.

As to specific questions

1. That is called cross references and is done on a branch basis, but yes. Usually, though, it brings in all sorts of authentication issues because people like doing this with disjoint directories. A lot of people also find out that referrals may not be followed by their favorite app in the way needed as well. All in all, usually not worth the hassle.

2. Yes, google adfind. LDP can be used as well. So can dsquery.

3. I don't know... What controls are being submitted? If the application docs don't tell you, you will need to get out a network sniffer and look at the raw LDAP traffic.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


jjoensuu wrote:
Hi all,

I'm totally new to this LDAP stuff so my apologies if these questions
seem ridiculous. I have a problem to troubleshoot where an application
tries to query MS AD for usernames and gets the error "Critical
extension is unavailable".

The error only seems to occur when the username 'seems not to be' found
in AD. I say 'seems not to be' because the queried records do exist in
the AD server queried by the application.

However, there are multiple AD servers in use, and this leads to my
first question:

1. Is it possible to set one AD server to refer or link to another, so
that if an application queries one server, the queried server forwards
the query to another server?

The second question is about trying to replicate the error by
simulating the query sent by the application:

2. Is there a tool that can be used for sending "free form" queries to
MS AD?

Third question - a brief answer or URL with an explanation would just
be fine:

3. What is the "extension" referred to by the error message?

thanks in advance...

JJ
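
Added example, not part of the original thread: once the raw LDAP traffic has been captured as the reply suggests, the Python below decodes one request and lists each control's OID and criticality flag. It assumes a cleartext LDAP payload (no TLS or SASL sealing); the function names are this example's own, the two OIDs are the server-side sort and paged-results controls, and the sample message is constructed rather than captured.

```python
SORT_OID = "1.2.840.113556.1.4.473"    # server-side sort request control
PAGE_OID = "1.2.840.113556.1.4.319"    # paged results control

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def controls_in(message):
    """Return [(oid, critical)] for an LDAPMessage (RFC 4511, section 4.1.1)."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    ctl_lists = [v for t, v in children(body) if t == 0xA0]  # controls: context tag [0]
    found = []
    for _, ctl in children(b"".join(ctl_lists)):             # each Control is a SEQUENCE
        fields = children(ctl)
        # criticality is an optional BOOLEAN (tag 0x01), default FALSE
        critical = any(t == 0x01 and v != b"\x00" for t, v in fields[1:])
        found.append((fields[0][1].decode("ascii"), critical))
    return found

def tlv(tag, value):                    # minimal BER encoder, only for the sample below
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + value

def sample_message():
    """Constructed SearchRequest: critical sort control plus non-critical paging."""
    search = tlv(0x63, tlv(0x04, b"dc=example,dc=com") + tlv(0x0A, b"\x02")
                 + tlv(0x0A, b"\x00") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
                 + tlv(0x01, b"\x00") + tlv(0x87, b"objectClass") + tlv(0x30, b""))
    sort = tlv(0x30, tlv(0x04, SORT_OID.encode()) + tlv(0x01, b"\xff")
               + tlv(0x04, tlv(0x30, tlv(0x30, tlv(0x04, b"displayName")))))
    page = tlv(0x30, tlv(0x04, PAGE_OID.encode())
               + tlv(0x04, tlv(0x30, tlv(0x02, b"\x01\xf4") + tlv(0x04, b""))))
    return tlv(0x30, tlv(0x02, b"\x02") + search + tlv(0xA0, sort + page))
```

Any control reported with `critical` set to `True` is a candidate for the error, since a server that cannot honor a critical control must fail the whole operation with result code 12 (unavailableCriticalExtension).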
