Error: 'Cannot Authenticate to LDAP on the Exchange Server' when attempting to enable Exchange 5.5 M (NETIQKB11834)

  • 7711834
  • 02-Feb-2007
  • 22-Jun-2007


Directory and Resource Administrator 6.x

Directory and Resource Administrator 7.x

Microsoft Exchange Server 5.5

Error: 'Cannot Authenticate to LDAP on the Exchange Server' when attempting to enable Exchange 5.5 Management in Directory and Resource Administrator.

The operating system returns the above error message if the Preferred Exchange 5.5 Server specified is installed on a Windows 2000 server. Windows 2000 runs its own LDAP Server service, which initializes before Exchange Server's LDAP Server service and uses ports 389 and 636. When the Exchange Server starts, the Exchange Directory attempts to initialize the same ports (for Secure Sockets Layer connectivity).


To resolve this issue, the LDAP port used by Microsoft Exchange Server 5.5 must be changed from port 389, which is the default, to another unused port such as 390. To change LDAP port assignments for the Preferred Microsoft Exchange 5.5 Server within the Site, perform the following steps:

  1. Launch the Microsoft Exchange 5.5 Administrator client.
  2. Connect to the Preferred Exchange Server.
  3. Select the LDAP (Directory) Settings object under Site Name | Configuration | Servers | Protocols.
  4. In the Port number: field, specify a port that is not currently in use.
  5. Click OK.
  6. Stop and restart the Microsoft Exchange Directory Services.

After the Microsoft Exchange Directory Services have been restarted, Microsoft Exchange Administrator Server will use the port specified instead of the default port 389.
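
Step 4 depends on knowing which ports are already bound on the server. The following Python script is an added example, not part of the original article or of any NetIQ or Microsoft tooling: it parses `netstat -an` output from the Exchange server, reports which of the default LDAP ports already have a listener, and picks the first free candidate. The sample output is constructed, and the candidate ports beyond 390 are assumptions.

```python
# Added example: choose an unused LDAP port for Exchange 5.5 from `netstat -an` output.

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1044          10.0.0.9:390           ESTABLISHED
  UDP    0.0.0.0:389            *:*
"""

DEFAULT_LDAP_PORTS = (389, 636)  # the two ports named in the article


def listening_tcp_ports(netstat_text):
    """Return the set of local TCP ports that are in the LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has four columns: Proto, Local Address, Foreign Address, State.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # an ESTABLISHED row does not mean the local port is bound
        port = fields[1].rpartition(":")[2]
        if port.isdigit():
            ports.add(int(port))
    return ports


def ldap_port_conflicts(netstat_text):
    """Default LDAP ports that already have a listener on this host."""
    in_use = listening_tcp_ports(netstat_text)
    return [p for p in DEFAULT_LDAP_PORTS if p in in_use]


def first_free_port(netstat_text, candidates=(390, 391, 392)):
    """First candidate with no listener; 391 and 392 are assumed fallbacks."""
    in_use = listening_tcp_ports(netstat_text)
    return next((p for p in candidates if p not in in_use), None)


if __name__ == "__main__":
    print("Default LDAP ports already bound:", ldap_port_conflicts(SAMPLE_NETSTAT))
    print("Port to enter in step 4:", first_free_port(SAMPLE_NETSTAT))
```

Running `netstat -an` again after step 6 should show a listener on the port entered in step 4.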


For more information on this topic, please refer to the following Microsoft Knowledge Base article:

224447 XADM: How to Change LDAP Port Assignments in Exchange Server

Additional Information

Formerly known as NETIQKB11834