The Notes Management Agent Cannot Create International-Style IDs (305165)


The information in this article applies to:

  • Microsoft Metadirectory Services 2.2 SP1
This article was previously published under Q305165

SYMPTOMS

You can use the Notes management agent (MA) to populate a Domino server by creating new users. This process involves creating an associated ID file for each enabled user. However, when you attempt to uses the new IDs with an international Domino server, the following error message is generated in the Zscript.log file:
Adding object CN=John Smith/O=Domain
Error while registering user: Invalid server or network name syntax

CAUSE

A problem with Cdir_ln.exe in recognizing the International configuration causes all ID files to be created by using the North American encryption configuration. The North American and International encryption configurations are not interchangeable in this case; a North American ID file cannot be used to gain access to an International server.

RESOLUTION

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next version of Microsoft Metadirectory Services that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later: 
   Date         Time   Version     Size       File name
   --------------------------------------------------------
   26-Jul-2001  18:53  2.2.1300.3    174,592  Cdir_ad.dll
   11-Sep-2001  14:41  2.2.1300.7  1,013,760  Cdir_ln.exe
   02-Aug-2001  16:39  2.2.1300.4    960,000  Importt.exe
   02-Aug-2001  16:40  2.2.1300.4  1,262,080  Viaserver.exe

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

In Domino releases prior to 5.0.4, two different cryptographic strengths are available (depending on location): an International version that uses a shorter encryption key (sometimes called 40-bit encryption) and a North America-only version that uses a longer encryption key (sometimes called 128-bit encryption). In subsequent releases, the North American export rules for cryptography were relaxed and a single, unified Domino server version was available internationally. This release uses 128-bit encryption. When you configure a Microsoft Metadirectory Services (MMS) Notes MA to populate a Domino release 5.0.4 or earlier server, you use a check box to designate the new accounts as either North American or International. To set or reset the type of account that MMS should create, use these steps:
  1. Using Compass, log onto MMS with administrative privileges.
  2. Using the Bookmarks action in the left pane, click Management Agents.
  3. In the right pane, click the appropriate MA.
  4. Using the actions in the left pane, click Configure MA.
  5. Click the Connected Directory Specifics tab.
  6. Click the New Users Creation tab.
  7. To create ID files with 128-bit security, select the Create U.S. users check box. These files are accepted only by a North American Domino server.
  8. To create ID files with 40-bit security, clear the Create U.S. users check box. These files are accepted by both International and North American Domino servers, but use a weaker form of encryption.
  9. Click OK.
  10. Operate the MA. Using the actions in the left pane, click Operate MA.
  11. Click Run the Management Agent.
  12. Verify that the ID files in the MA working folder are of the correct type by using the Notes Administration tool.
In all versions of Cdir_ln.exe prior to the version in this hotfix, these configuration steps do not work. In these pre-patch releases, all Notes ID files that are created by Cdir_ln.exe are uniquely North American and cannot be used with an International Domino server.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

320718 Microsoft Metadirectory Services 2.2 Post SP1 Hotfix List

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type:MinorLast Reviewed:10/12/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix KB305165
©2004 Microsoft Corporation. All rights reserved.