locked
The server does not support the requested critical extension (0x8007202c) RRS feed

  • Question

  • Hello guys,

    The sympton is the same as the one in https://i1.social.s-msft.com/globalresources/Images/trans.gif?cver=0%0d%0a"The server does not support the requested critical extension." Exception.

    I got the error in calling IDirectorySearch::GetNextRow. As I observe, the error is trigger when retrieving the another page of records. The LDAP path to connect is "GC://<FQDN_of_GC>". The search filter is (&(|(objectClass=group)(objectClass=msExchDynamicDistributionList))(mailnickname=*)). There are about 100 thousands of group objects in the forest. So the answer in that thread does not help.

    Any thoughts?

    Thanks.

     


    Msts.cn@Outlook.com

    Saturday, November 29, 2014 10:03 AM

Answers

  • I think we can end this thread now since customer has closed the case...

    Customer's max page size in server side is 1000. There are total 90000 distribution group objects the program to retrieve. The connection targets at GC.

    In my program, the page size to query is 1000. The problem seems transient. I saw that within 5 minutes the program run two times with one succeeded while the other failed. And it seems the longer the LDAP connection lasts (my program may do some other operation while enumerating the objects), the easier that the error occurs. 

    That's probably a environment problem. But  I have no idea how to locate it. 

    M.


    Msts.cn@Outlook.com

    • Marked as answer by Vivian_Wang Wednesday, January 7, 2015 7:38 AM
    Tuesday, January 6, 2015 5:57 AM

All replies

  • Hi,

    So did you try this KB article already?

    Error message when an application or a service tries to query for any deleted objects by using a well-known GUID in a Windows Server 2008 R2-based domain if paged search is used: "0x8007202c Critical extension is unavailable"

    http://support.microsoft.com/kb/977180

    Regards.


    Vivian Wang

    • Proposed as answer by Vivian_Wang Monday, December 8, 2014 6:37 AM
    Monday, December 1, 2014 5:56 AM
  • Thanks for your reply, Vivian.

    I have not tried because my situation is different and it is in customer's env. Do you think it worth a try?

    Thanks.


    Msts.cn@Outlook.com

    Monday, December 1, 2014 6:00 AM
  • Hi,

    I cannot reproduce the issue, but i suggest you could have a try.

    Install the hotfix to check the result.

    Please feel free to let us know if you have any update.

    Regards.


    Vivian Wang

    Thursday, December 4, 2014 7:23 AM
  • Hi,

    Any update about the issue?

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Monday, December 8, 2014 6:37 AM
  • Customer rejected the solution.


    Msts.cn@Outlook.com

    Monday, December 8, 2014 6:43 AM
  • Hi Michael,

    Thanks for your post.

    Form the description, this seems to be related to a limit on the LDAP Query returning too many objects from Active Directory or searching for objects properties that are not indexed in Active Directory.

    Per the other AD related cases/issues I found with the same error "the server does not support the requested critical extension" we unchecked the Groups setting on the AD System Discovery properties, and the new computers were successfully discovered. We also ruled out the timing of the Active Directory System Discovery by changing it back to 2 hours, and it would only work, if Groups was unchecked. If you are already using AD System Group Discovery separately, leaving this setting unchecked on the AD System Discovery should not have any ill effects.

    Hope to hear good news from you soon.

    Best regards,
    Bryan

    Friday, December 12, 2014 9:27 AM
  • Hi Michael,

    I have not heard from you in a few of days, and I'm writing to follow up to check if you have any questions about the information I provided.

    Best regards,
    Bryan

    Wednesday, December 17, 2014 6:09 AM
  • Customer has got anther more urgent problem for me to work with. I will let you know the progress on this problem if any.

    Thanks.


    Msts.cn@Outlook.com

    Wednesday, December 17, 2014 6:12 AM
  • Hi Michael,

    Thanks for letting me know your progress. I will be standing by with you. Once you have any further questions during regarding our issue, feel free to let me know. I’m happy to help with any questions you may have.

    Best regards,
    Bryan

    Monday, December 22, 2014 2:57 AM
  • Hi Bryan, 

    Customer would like a try. Could you specify the steps to set the Grouping properties and the timing of the Active Directory System Discovery?

    Thanks,

    M.


    Msts.cn@Outlook.com

    Tuesday, December 23, 2014 9:59 AM
  • Hi Michael,

    Thanks for your response.

    For the detailed information about configuring the Active Directory System Discovery, please refer to the article as below:

    How to Configure Active Directory System Discovery
    http://technet.microsoft.com/en-us/library/bb693618.aspx

    Anything unclear, please feel free to let me know.

    Best regards,
    Bryan

    Wednesday, December 24, 2014 10:31 AM
  • Is it a MS product or a role/feature to install on windows server? I cannot find it on my windows 2008 R2 server. 

    Thanks,

    M.


    Msts.cn@Outlook.com

    Wednesday, December 24, 2014 10:38 AM
  • Hi Michael,

    Thanks for your remind of the server is Windows 2008 R2. 

    After deep research on this topic, there were a couple of possible causes. One was based on asking AD to do sorting on the results of the query. Our calls to AD do not do any sorting at all. The other I came to was a couple of pages that may help alleviate the problem of groups in large AD environments. It has to deal with the temporary table size that Active Directory uses, with the tunable parameter MaxTempTableSize.

    The articles as below are for your reference:

    http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/95bfb95f-4e43-4dd8-ac3a-0c89d2cf528e

    http://support.microsoft.com/kb/315071

    http://msdn.microsoft.com/en-us/library/ms677927(VS.85).aspx

    Besides, if the above is not the cause of our issue, there may be something wrong in the C# code. Since I just an AD engineer and not familiar with the C# code, I suggest you should involve one C# code engineer to work with us about this issue. After doing many research, please add the class of the object when searching. For example, “DirectorySearcher ds = new DirectorySearcher(de, filter,class)”. I’m not sure if it’s correct, just a suggestion.

    Hope to hear good news from you soon. Happy X'MAS day!

    Best regards,
    Bryan

    • Proposed as answer by Vivian_Wang Tuesday, January 6, 2015 4:50 AM
    Thursday, December 25, 2014 6:45 AM
  • Hi,

    I just want to confirm what is the current situation.

    Please feel free to let us know if you need further assistance.

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, January 6, 2015 4:50 AM
  • I think we can end this thread now since customer has closed the case...

    Customer's max page size in server side is 1000. There are total 90000 distribution group objects the program to retrieve. The connection targets at GC.

    In my program, the page size to query is 1000. The problem seems transient. I saw that within 5 minutes the program run two times with one succeeded while the other failed. And it seems the longer the LDAP connection lasts (my program may do some other operation while enumerating the objects), the easier that the error occurs. 

    That's probably a environment problem. But  I have no idea how to locate it. 

    M.


    Msts.cn@Outlook.com

    • Marked as answer by Vivian_Wang Wednesday, January 7, 2015 7:38 AM
    Tuesday, January 6, 2015 5:57 AM
  • Hi Michael,

    Thanks for your kind response.

    Based on my experience and research, generally, if the issue occurred randomly, the most possible cause may be that there were some Network contact issues at that time. For locating the root cause, we should gather a lot of Network trace information for checking, and it may cost a long time and many efforts. Since the Network issue may be randomly, maybe we should gather the Network trace for more than one time for the useful information.

    So, to such issue, if you want to locate the root cause, it is not an efficient way to work in this community since we may need more resources, for example the Network trace, which is not appropriate to handle in community. I’d like to suggest that you submit a service request to MS Professional tech support service so that a dedicated Support Professional can further assist with this request.

    Please visit the below link to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone

    If there is something unclear or you have any concerns about this issue, please don’t hesitate to let me know.

    Best regards,
    Bryan

    Wednesday, January 7, 2015 3:36 AM