Symptoms
Log Name: ADAM (Instance-Name)
Source: ADAM [Instance-Name] LDAP
Date: 3/23/2011 9:51:09 AM
Event ID: 1216
Task Category: LDAP Interface
Level: Warning
Keywords: Classic
User: N/A
Computer: DNS-Name
Description:
Internal event: An LDAP client connection was closed because of an error.
Client IP: 192.168.1.5:12345
Additional Data
Error value: 8 Not enough storage is available to process this command.
Internal ID: c0604cb

----------------------

Log Name: ADAM (Instance-Name)
Source: ADAM [Instance-Name] LDAP
Date: 3/23/2011 9:51:09 AM
Event ID: 1535
Task Category: LDAP Interface
Level: Information
Keywords: Classic
User: ANONYMOUS LOGON
Computer: DNS-Name
Description:
Internal event: The LDAP server returned an error.
Additional Data
Error value: 00000008: LdapErr: DSID-0C0604D1, comment: The server did not have enough resources to process the request, data 0, v1db0

Cause

The CRL is too large to be accepted by the LDAP interface, and it also exceeds the maximum size allowed for the certificateRevocationList attribute.

Resolution

You need to make two changes:

1. Change the MaxReceiveBuffer size for the AD LDS/ADAM instance to accept a size that is larger than the largest CRL you expect. The default setting is 10MB.
   See http://technet.microsoft.com/en-us/library/cc781970(WS.10).aspx

2. Change the RangeUpper value for the certificateRevocationList attribute in the AD LDS/ADAM schema to a size that is larger than the largest CRL you expect. The default setting is 10MB.
   See http://msdn.microsoft.com/en-us/library/ms679438(VS.85).aspx
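
To see whether a given CRL fits under the two limits named in the Resolution before it is published, the following read-only PowerShell reads both values from the instance and compares them with the file size. It is an added example, not part of the original article; the ActiveDirectory module, the instance address, the CRL path and the headroom value are assumptions.

```powershell
# Added example, not from the original article. The instance address, CRL path
# and headroom below are assumed values chosen for illustration.
param(
    [string]$Server   = 'localhost:389',          # assumed AD LDS/ADAM host:port
    [string]$CrlPath  = 'C:\CRL\Example-CA.crl',  # assumed path to the largest CRL
    [int64] $Headroom = 64KB                      # assumed allowance for LDAP message overhead
)

Import-Module ActiveDirectory

$crlBytes = (Get-Item -LiteralPath $CrlPath).Length
$rootDse  = Get-ADRootDSE -Server $Server

# Limit 1: MaxReceiveBuffer is stored as a "Name=Value" string in lDAPAdminLimits
# on the Default Query Policy object in the configuration partition.
$policyDn = 'CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,' +
            'CN=Windows NT,CN=Services,' + $rootDse.configurationNamingContext
$policy   = Get-ADObject -Identity $policyDn -Server $Server -Properties lDAPAdminLimits
$entry    = $policy.lDAPAdminLimits |
            Where-Object { $_ -like 'MaxReceiveBuffer=*' } |
            Select-Object -First 1
# Fall back to the 10MB default stated in the article when no explicit entry exists.
$maxRecv  = if ($entry) { [int64](($entry -split '=', 2)[1]) } else { 10MB }

# Limit 2: rangeUpper on the certificateRevocationList attribute in the schema.
$schemaQuery = @{
    Server     = $Server
    SearchBase = $rootDse.schemaNamingContext
    LDAPFilter = '(lDAPDisplayName=certificateRevocationList)'
    Properties = 'rangeUpper'
}
$attr       = Get-ADObject @schemaQuery
$rangeUpper = $attr.rangeUpper   # $null when no upper bound is set on the attribute

# Report each limit next to the CRL size; Fits = $false means the publish will be rejected.
@(
    [pscustomobject]@{ Limit = 'MaxReceiveBuffer'; LimitBytes = $maxRecv
                       CrlBytes = $crlBytes; Fits = ($maxRecv -ge ($crlBytes + $Headroom)) }
    [pscustomobject]@{ Limit = 'rangeUpper (certificateRevocationList)'; LimitBytes = $rangeUpper
                       CrlBytes = $crlBytes
                       Fits = ($null -eq $rangeUpper -or $rangeUpper -ge $crlBytes) }
) | Format-Table -AutoSize
```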
This solution works with a CRL up to a certain size, 21-23MB if memory serves. Beyond these limits this issue will manifest itself again.
Adding additional configuration to the ADAM/LDS instance for dsHeuristics can change the publication capability to support even larger CRLs.
Configuration partition for LDS instance
Cn=Directory Services
dsHeuristics attribute value (with leading 0’s) 000000200100100001