Event ID: 8026 Source: MSExchangeAL

LDAP Bind was unsuccessful on directory <directory> for distinguished name ''. Directory returned error: [<error code>] <error details>.
After demoting a domain controller, I found event 8026 in the Application log of our Exchange 2003 server. The Exchange RUS is configured to contact a specific domain controller to update the RUS and in our case, it was the domain controller that I demoted. I found article ME272552 from Microsoft and that resolved the problem.
If you do not have a valid subnet defined within Sites and Services, this error will also occur. Once I added the correct subnet within sites, everything worked fine:

1. Open up the Active Directory Sites and Services Microsoft Management Console (MMC) snap-in.
2. Double-click the Sites container.
3. Right-click the subnets container.
4. Click New Subnet.
5. Type the Internet Protocol (IP) address and mask that you are going to use.
6. Select a site object for this subnet.
7. Click OK.

Also, see article ME269098.
This occurred to my Exchange 2003 Server (running on a Windows 2000 Domain server) when I formatted / removed the other two domain controllers from my domain (in preparation for fresh installations of Windows Server 2003). Hence, they were no longer reachable.
Both domain controllers were global catalog servers, but not the domain controller with Exchange 2003 on it.
I had to set the Exchange Domain controller as a Global Catalog server and seize "all Flexible Single Master Operations (FSMO) roles", as per the link "Google Thread - AD does not start" (starting at step 24, making sure I had done steps 19 & 20: 19 - Install the Windows 2000 Active Directory Administration Tools from the server CD, D:\i386\Adminpak.msi; 20 - Install the Windows 2000 Server Resource Kit from the server CD, D:\support\tools\2000rkst.msi).
Once I had done all the above, and rebooted the server, Exchange services started fine. Be careful with the above, and make sure you know what you are doing. Especially take note of the following: "Never again connect this server to the production system." I would assume it is not a good idea to do this if you still have other domain servers on your network.
- Error code: 0x34 - As per Microsoft: "This problem occurs when the Microsoft Exchange Server 2003 component of Small Business Server 2003 is installed. Event 8026 is generated every time that the computer shuts down or starts. This event occurs because of differences in the timing between services as they stop and start. You can ignore this event if it occurs during computer shutdown and startup". See ME828051 for more details.

- Error code: 0x51 - As per Microsoft: "The Recipient Update Service (RUS) is configured to use the DC that you demoted. When RUS tries to query the DC for an update, it cannot reach the DC". See ME272552 to fix this problem.
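
The two error-code notes above can be applied mechanically to exported Application/System log records. The following is an added example, not code from this page or from Microsoft. It assumes records exported as (timestamp, source, event ID, message) tuples, uses EventLog events 6005/6006 (Event log service started/stopped) as startup/shutdown markers, and treats a 5-minute window as "during" startup or shutdown; the host names and sample records are constructed.

```python
import re
from datetime import datetime, timedelta

# Message layout as shown in the event description on this page.
BIND_RE = re.compile(
    r"on directory (\S+) for distinguished name.*?error:\s*\[(0x[0-9a-fA-F]+)\]")
BOOT_EVENTS = {6005, 6006}       # EventLog service started / stopped
WINDOW = timedelta(minutes=5)    # assumption: "during" startup or shutdown

# Constructed sample records, not real log data.
SAMPLE = [
    ("2004-03-01 08:00:05", "EventLog", 6005, "The Event log service was started."),
    ("2004-03-01 08:00:40", "MSExchangeAL", 8026,
     "LDAP Bind was unsuccessful on directory dc1.example.local for "
     "distinguished name ''. Directory returned error: [0x34] Unavailable."),
    ("2004-03-01 13:15:00", "MSExchangeAL", 8026,
     "LDAP Bind was unsuccessful on directory dc2.example.local for "
     "distinguished name ''. Directory returned error: [0x51] Server Down."),
    ("2004-03-01 14:30:00", "MSExchangeAL", 8026,
     "LDAP Bind was unsuccessful on directory dc1.example.local for "
     "distinguished name ''. Directory returned error: [0x34] Unavailable."),
]

def triage(records):
    """Return (time, directory, code, verdict) for every MSExchangeAL 8026."""
    parsed = [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, eid, msg)
              for ts, src, eid, msg in records]
    boots = [t for t, src, eid, _ in parsed
             if src == "EventLog" and eid in BOOT_EVENTS]
    results = []
    for t, src, eid, msg in parsed:
        if src != "MSExchangeAL" or eid != 8026:
            continue
        m = BIND_RE.search(msg)
        if m is None:
            results.append((t, None, None, "unparsed"))
            continue
        directory, code = m.group(1), int(m.group(2), 16)
        near_boot = any(abs(t - b) <= WINDOW for b in boots)
        if code == 0x34 and near_boot:
            verdict = "ignore-startup-shutdown"   # see ME828051
        elif code == 0x51:
            verdict = "check-rus-dc"              # see ME272552
        else:
            verdict = "investigate"               # e.g. 0x34 outside a start/stop
        results.append((t, directory, code, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep=" | ")
```

A 0x34 that is not close to a start or stop of the server falls through to "investigate", since the ME828051 note only covers events logged during shutdown and startup.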

As per Microsoft: "Lightweight Directory Access Protocol (LDAP) allows you to query and manage directory information using TCP/IP. This event indicates that an LDAP connection failed. The error code/error message will indicate the underlying cause". See MSEX2K3DB for additional information on this event.
If the RUS is configured to point to a DC that does not have the FSMO role of "Infrastructure Master", then the RUS cannot update AD. Microsoft best practices for FSMO role placement (ME223346) say that "as a general rule, the infrastructure master should be located on a nonglobal catalog server". This might be counter-intuitive and lead to the mistake of configuring the RUS to use a GC that is not an IM.
