The error caught in the network trace with wireshark
00002002E: SvcErr: DSID-02080781 , problem 5001 (BUSY), data -1102
was only obtained minutes before the problem of not processing LDAP modify requests resolved itself.
I wanted to make sure that same error occurred during the entire interval in which LDAP modify requests were not progressing
I used two ways to try to confirm it:
- I tried to decrypt all local GSS-API SASL encrypted/sealed LDAP PDUs. My idea was to create a kerberos keytab file with the kerberos shared secrets of all security principals of the AD domain but i´m having problems when i try to export the AD DB with esedbexport utility (https://github.com/libyal/libesedb/wiki/Building)
- I tried to trace the LDAP modify_request and modify_responses sent by the dns.exe process ("DNS Server" NT service) using the procedure documented here (https://learn.microsoft.com/es-es/previous-versions/windows/desktop/ldap/ldap-and-etw?redirectedfrom...). Bad news are that the ldap_modify responses are not traced when the process that sends them is dns.exe. For example, for an ldapadmin.exe LDAP client, doing the trace with the following flags:
D:\ldapadmin>tracelog.exe -start ldapadmin -guid #099614a5-5dd7-4788-8bc9-e29f43db28fc -f D:\ldapadmin.etl -flag 0x00000402
both (request and response) are captured:
ldap_modify called for connection 0x22d05f0: DN is CN=XXXX,OU=Usuarios,OU=Sabon,DC=corporacion,DC=lavoz,DC=es. Synchronous is 0x1.
ldap_modify returned 0x0 for connection 0x22d05f0: DN was 'CN=XXXX,OU=Usuarios,OU=Sabon,DC=corporacion,DC=lavoz,DC=es'.
but for dns.exe only the request (ldap_modify called for connection..) is captured
Despite the fact that, due to what was explained above, I cannot confirm it 100%, I believe that the error 00002002E: SvcErr: DSID-02080781 , problem 5001 (BUSY), data -1102
is the only one that occurs at the time of the problem
Do you have any idea of the reason for the error and a possible solution?
Thank you so much
