Our company is running all Windows 2003 Servers. I have 2 DC's both fully upgraded from Windows 2000 to Windows 2003 AD. I have a SPAM filter that uses LDAP for user management. Recently I upgraded our DC's to SP1 and it seems that after this happened I have not been able to connect to LDAP with the SPAM filter. The servers were upgraded to 2003 about a year ago and to SP1 about 2 months ago. I ran DCDIAG /V on one of the DC's and here is what it gave me: Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine srv001, is a DC. * Connecting to directory service on server srv001. [srv001] Directory Binding Error -2146892976: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. This may limit some of the tests that can be performed. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SRV001 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check [SRV001] DsBindWithSpnEx() failed with error -2146892976, The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.. ......................... SRV001 failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SRV001 Skipping all tests, because server SRV001 is not responding to directory service requests Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Test omitted by user request: VerifyReplicas Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : gff Starting test: CrossRefValidation ......................... gff passed test CrossRefValidation Starting test: CheckSDRefDom ......................... gff passed test CheckSDRefDom Running enterprise tests on : gff.pvt Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... gff.pvt passed test Intersite Starting test: FsmoCheck GC Name: \\srv001.gff.pvt Locator Flags: 0xe00001fc Warning: Couldn't verify this server as a PDC using DsListRoles() PDC Name: \\srv000.gff.pvt Locator Flags: 0xe00001fd Time Server Name: \\srv001.gff.pvt Locator Flags: 0xe00001fc Preferred Time Server Name: \\srv001.gff.pvt Locator Flags: 0xe00001fc KDC Name: \\srv001.gff.pvt Locator Flags: 0xe00001fc ......................... gff.pvt passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS Obviously it is a Directory Binding error. I have run a search on Google with no luck. I found a few Microsoft articles that told me it was a kerberos authentication problem and I needed to change the protocol that kerberos used from UDP to TCP. I did this and still it isn't working. If anyone has any ideas please let me know. Thanks for the help! Justin Watkins