Solved

Various app servers failing LDAP queries intermittently

Posted on 2014-02-04
Last Modified: 2016-12-08
Hi All

I have an issue where users are unable to log in to various apps using their AD accounts. All these servers use LDAP to query our domain (single forest/domain).

I have run dcdiag and generally looked at all the DCs and they all look fine to me. I'm not sure where to go, as the app guys are adamant it's not their app servers but it's AD.

Jira, for example, implies that the domain is not functional and suggests it can't connect on LDAP; however, there are no issues with the server and no reported network issues on our monitoring. If you wait 1 minute and try again, you can log in.

Anyone got ideas?

Thanks
Question by:ncomper
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39833080
How are the apps connecting to LDAP? Are they set up to point to a specific Domain Controller or are they pointing to the FQDN "domain.com"?

If you do nslookup domain.com, do you see any IP addresses that do not belong in there? I had experienced a similar issue where an app was using LDAP to connect using the FQDN and we had an IP listed as a name server which was not pingable and was not an actual name server (not sure how it got there). When the app would do a query using LDAP, it would take approx. 3 minutes and then finally connect; this was due to the ordering of the IP address that was present as a name server. This is how long it would take (timeout period) before it would query the next available IP.

Might be a long shot but might be something worth checking.

Will.
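
The check described in the comment above, as an added example that is not part of the original thread: resolve the domain name to every address it returns, then try a TCP connection to the LDAP port on each one, so an address that resolves but never answers stands out. The name `domain.example`, the 3-second timeout and all function names are assumptions.

```python
import socket
import time

LDAP_PORT = 389  # default LDAP port; use 636 for LDAPS


def resolve_all(name, port=LDAP_PORT):
    """Return every distinct address the name resolves to, in resolver order."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    seen = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen


def probe(address, port=LDAP_PORT, timeout=3.0):
    """Attempt a TCP connect; return (reachable, seconds, error text)."""
    start = time.monotonic()
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True, time.monotonic() - start, ""
    except OSError as exc:  # refused, unreachable or timed out
        return False, time.monotonic() - start, str(exc) or type(exc).__name__


def audit(addresses, port=LDAP_PORT, timeout=3.0):
    """Probe each address in order, as a client walking the list would."""
    results = []
    for addr in addresses:
        ok, secs, err = probe(addr, port, timeout)
        results.append({"address": addr, "reachable": ok,
                        "seconds": round(secs, 3), "error": err})
    return results


def stale_entries(results):
    """Addresses that came back from DNS but did not accept a connection."""
    return [r["address"] for r in results if not r["reachable"]]


if __name__ == "__main__":
    import sys
    # "domain.example" is a placeholder; pass your AD domain name instead.
    name = sys.argv[1] if len(sys.argv) > 1 else "domain.example"
    report = audit(resolve_all(name))
    for row in report:
        print(row)
    print("investigate:", stale_entries(report))
```

Run it from the affected app server rather than from a DC, since the result depends on that host's resolver and network path.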
 
LVL 5

Author Comment

by:ncomper
ID: 39833161
Hi Will

We have a mix; a couple of them are binding to just our domain.local.

Jira is one which is slightly different in the fact it is hard coded to query a specific DC, which again from all the tests I have done with dcdiag etc. looks fine.

I have verified that the app server running Jira is correctly configured with 2 DCs on its local site that run DNS. I have verified that when I ping mydomain.local it returns a DC's IP address (a DC in our Singapore office; however, I am told that this is normal, as when using ping it just uses round robin to return a result, as ping is not site aware).

Thanks
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39833667
That is correct. When you ping your internal domain it will ping any one DC that it locates first based on round-robin. If you have this app querying a specific DC, can you check the machine resources on it (CPU, RAM)? Also, can you try pointing to another DC and see if you get the same results?

Will.
 
LVL 5

Author Closing Comment

by:ncomper
ID: 39835758
Thanks