Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 917
  • Last Modified:

various apps servers failing ldap queries intermittently

Hi All

I have an issue where users are unable to login to various apps using their AD accounts, all these servers use LDAP to query our domain (single forest /domain).

I have run dcdiag and generally looked at all the dc's and they all look fine to me, not sure where to go as the app guys are adamant its not their app servers but its AD

Jira for example implies that the domain is not functional and suggests it can't connect on LDAP however theres no issues with server and no reported network issues on our monitoring, if you wait 1minute and try again you can log in

Anyone got ideas

Thanks
0
ncomper
Asked:
ncomper
  • 2
  • 2
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
How are the apps connecting to ldap? Are they setup to point to a specific Domain Controller or are they pointing to the FQDN "domain.com"?

If you do nslookup domain.com to you see any IP addresses that do not belong in there? I had experienced a similar issue where an app was using ldap to connect using the FQDN and we had an IP listed as a name server which was not pingable and it was not an actual name server (not sure how it got there). When the app using ldap would do a query using ldap it was take approx 3 minutes and then finally connect, this was due to the ordering of the IP address that was present as a name server. This is how long it would take (timeout period) before it would query on the next available IP.

Might be a long shot but might be something worth checking.

Will.
0
 
ncomperAuthor Commented:
Hi Will

We have a mix, couple of them are binding to just our domain.local

Jira is one which is lightly different in the fact it is hard coded to query a specific DC, which again from all the tests i have done with dcdiag etc looks fine.

I have verified that the app server running Jira is correctly configured with 2 DC's on its local site that run DNS, i have verified that when i ping mydomain.local it returns a DC's ip address (a dc in our singapore office however i am told that this is normal as when using ping it just uses round robin to return a result as ping is not site aware)

Thanks
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
That is correct. When you ping your internal domain it will ping anyone DC that is locates first based on round-robin. If you have this app querying on a specific DC can you check the machine resources on it CPU RAM, also can you try pointing to another DC and see if you get the same results?

Will.
0
 
ncomperAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now