LDAP Synchronization fails when using a Windows Server 2008 R2 Domain Controller as the LDAP source.
Article: TECH97476 | Created: 2009-01-17 | Updated: 2011-02-11 | Article URL: http://www.symantec.com/docs/TECH97476
You have configured an LDAP source for synchronization, using a Windows Server 2008 R2 domain controller as the LDAP server. After saving the LDAP source, the initial synchronization fails with the following error:
ERROR - Exception Message :ERROR: -4966:Rejected entry synch cannot be performed on a fresh dfc
The LDAP query associated with the synchronization specifies a query control that is marked critical but is either unavailable or unacceptable to the Windows Server 2008 R2 Active Directory LDAP source. Because the control is marked critical, the server rejects the whole query, as RFC 2251 Section 4.1.12 requires, and returns LDAP result code 12 (unavailableCriticalExtension). This is likely due to security enhancements made to Active Directory in R2.
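To make the mechanism concrete, here is an added illustration (not code from the article or from the Brightmail product) that BER-encodes an LDAPv3 request control per RFC 2251 Section 4.1.12 with and without the criticality flag, and maps result code 12 back to its cause. The OID used is the standard paged-results control, chosen only as a sample; the article does not name which control the synchronization tool actually sends.

```python
"""Encode an LDAPv3 Control (RFC 2251 4.1.12) and interpret resultCode 12.
Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN DEFAULT FALSE,
                       controlValue OCTET STRING OPTIONAL }"""
from typing import List, Optional

UNAVAILABLE_CRITICAL_EXTENSION = 12  # LDAPResult resultCode, RFC 2251 4.1.10
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # sample control only

def _ber_len(n: int) -> bytes:
    # Definite-form length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value

def encode_control(oid: str, critical: bool = False, value: Optional[bytes] = None) -> bytes:
    """DER-style encoding: the criticality BOOLEAN is omitted when FALSE (its default)."""
    body = _tlv(0x04, oid.encode("ascii"))
    if critical:
        body += _tlv(0x01, b"\xff")
    if value is not None:
        body += _tlv(0x04, value)
    return _tlv(0x30, body)

def _read_tlv(buf: bytes, pos: int):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def is_critical(control: bytes) -> bool:
    """Walk the encoded SEQUENCE and report whether criticality is TRUE."""
    tag, body, _ = _read_tlv(control, 0)
    assert tag == 0x30, "not a SEQUENCE"
    _, _oid, pos = _read_tlv(body, 0)  # skip controlType
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag == 0x01:
            return val != b"\x00"
    return False  # DEFAULT FALSE

def explain_result(result_code: int, controls_sent: List[bytes]) -> str:
    """Diagnose the failure the article describes from the server's resultCode."""
    if result_code != UNAVAILABLE_CRITICAL_EXTENSION:
        return "not a critical-control rejection"
    if any(is_critical(c) for c in controls_sent):
        return "server rejected a control marked critical: resend with criticality FALSE or drop it"
    return "resultCode 12 but no critical controls were sent"
```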
You will have to use recipient validation instead. There is no problem using a Windows Server 2008 R2 domain controller as an LDAP source for recipient validation. This option is only available in Brightmail Gateway versions 8.x and up; it is not available in Symantec Mail Security for SMTP 5.
Note: Windows Server 2008 Active Directory has not been certified with Symantec Brightmail Gateway or Symantec Mail Security for SMTP and is not considered a supported LDAP source.
This issue has been resolved in Brightmail Gateway version 9.x.
Reference: RFC 2251, Section 4.1.12 (Controls)