Troubleshooting LDAP query issues with Symantec Mail Security for Microsoft Exchange 6.5.1 and later
|Article:TECH134342|||||Created: 2010-01-28|||||Updated: 2012-05-25|||||Article URL http://www.symantec.com/docs/TECH134342|
I enabled a content filtering rule with a user condition specified, and ever since I have been experiencing symptoms similar to those described in 'Mail flow is very slow or stops entirely when a content filtering rule for Symantec Mail Security for Exchange with a user condition is enabled.' What options are available to help troubleshoot this issue?
Symantec Mail Security for Microsoft Exchange (SMSMSE) 6.5.1 and later allow for debugging of Lightweight Directory Access Protocol (LDAP) queries to assist in determining the source of any failures. Turn on debug logging as described in this article: How to Obtain Debug Logs for Symantec Mail Security for Microsoft Exchange (SMSMSE). Then reproduce the issue.
When the issue occurs again a Windows Event Log entry is created from source "Symantec Mail Security for Microsoft Exchange" with ID 398:
Symantec Mail Security for Microsoft Exchange cannot verify the SMTP address of sender <X400 email address>. Content filtering will be skipped for these senders until this sender can be resolved in Active Directory
LDAP Query: <query>
LDAP Source: <IP/Hostname of LDAP server used>
Perfmon can also be used to determine if there are delays contacting the LDAP source. Collect the perfmon counter MSExchangeDSAccess Processes\LDAP Search Time counter as per this Microsoft Technet article to determine if LDAP search times are the source of the problem.
Article URL http://www.symantec.com/docs/TECH134342