Exchange Server 2007 "Detecting LDAP filters that could cause setup problems"

Some customers have experienced a problem where the following error is generated when installing the Mailbox role on an Exchange 2007 server (typically the first Exchange 2007 Mailbox server in the org): Exchange server address list service failed to respond You might also see events logged in the Application log of the server. For full […]

Some customers have experienced a problem where the following error is generated when installing the Mailbox role on an Exchange 2007 server (typically the first Exchange 2007 Mailbox server in the org):

Exchange server address list service failed to respond

You might also see events logged in the Application log of the server. For full symptom details, please see KB 935636.

The above error is usually caused by setup failing to parse an LDAP filter properly. There are two types of LDAP filters we're aware of that cause this problem (and if someone has seen other filters - please let us know!).

The first is a filter where an attribute name is immediately preceded by a logical operator:

(&attribute=value)

Although Active Directory itself has no problem ignoring the unnecessary '&', Exchange 2007 setup doesn't like this at all.

The other type of filter that causes the problem is a DN-valued attribute containing parentheses in the value:

(homeMDB=CN=Mailbox Store (SERVER1),CN=First Storage Group,CN=...)

The parentheses surrounding the server name in the value confuse setup, causing the same behavior.

Fortunately, these problems are easy to fix. For the first, you can simply remove the unnecessary '&' character from the filter by using ADSI Edit to change the purportedSearch attribute on the policy. For the second, you can rename the store in Exchange System Manager so that it no longer contains parentheses, and then change the filter to reflect the new name.

To help identify problem filters, I've written a little script that will check the filters on all address lists and recipient policies for these two problems. You can run this on any machine in the forest where PowerShell has been installed. There's no need to install any Exchange components, as it doesn't rely on them at all, so you can run this before you even start deploying Exchange 2007.

Please note: this script is not officially supported by Microsoft Support Services.

The script takes no parameters. Just change into the folder where you've put the script and run it:

PS C:\Users\administrator\Desktop> .\CheckFilters

The script is not signed, so you may need to adjust your execution policy using set-executionpolicy in order to allow it to run. The output will look like this:

Evaluating: Default Policy
Filter is good.
Evaluating: Test Policy
Filter is good.
Evaluating: Default Global Address List
Filter is good.

If it finds a problem filter, it will tell you what problems it found on that filter:

Evaluating: Lab2 Mailboxes
Warning: a homeMDB value contains parentheses.
Warning: an attribute name is immediately preceded by a logical operator.

Hopefully this script will make it easier to identify the problem filters when setup fails, and since it can also be used to check for these problems ahead of time, you can get your filters fixed before you ever run setup, avoiding the problem entirely!

To download the script itself, please go here.

Exchange Server 2007, Setup, LDAP, Tips and Tricks, Troubleshooting, Knowledgebase

Source:→ Exchange Team Blog