Solved

Various app servers failing LDAP queries intermittently

Posted on 2014-02-04
Last Modified: 2014-02-05
Hi All

I have an issue where users are unable to log in to various apps using their AD accounts. All these servers use LDAP to query our domain (single forest/domain).

I have run dcdiag and generally looked at all the DCs and they all look fine to me. Not sure where to go, as the app guys are adamant it's not their app servers but it's AD.

Jira, for example, implies that the domain is not functional and suggests it can't connect on LDAP; however, there are no issues with the server and no reported network issues on our monitoring. If you wait 1 minute and try again, you can log in.

Anyone got ideas?

Thanks
Question by:ncomper
Expert Comment

by:Will Szymkowski
How are the apps connecting to LDAP? Are they set up to point to a specific Domain Controller, or are they pointing to the FQDN "domain.com"?

If you do nslookup domain.com, do you see any IP addresses that do not belong in there? I had experienced a similar issue where an app was using LDAP to connect using the FQDN and we had an IP listed as a name server which was not pingable and was not an actual name server (not sure how it got there). When the app would do a query using LDAP, it would take approx. 3 minutes and then finally connect; this was due to the ordering of the IP address that was present as a name server. This is how long it would take (timeout period) before it would query the next available IP.

Might be a long shot but might be something worth checking.

Will.
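
The check suggested in the comment above, scripted as an added example that is not part of the original thread: it resolves every address behind the domain name and times a TCP connect to the LDAP port on each, so an entry that no longer answers stands out. The function names, port 389, the 3-second timeout and the `domain.local` default are assumptions.

```python
import socket
import sys
import time

def resolve_a_records(name, resolver=socket.getaddrinfo):
    """Return each distinct IPv4 address DNS returns for the domain name."""
    ips = []
    for info in resolver(name, None, socket.AF_INET, socket.SOCK_STREAM):
        ip = info[4][0]
        if ip not in ips:
            ips.append(ip)
    return ips

def tcp_probe(ip, port=389, timeout=3.0):
    """Time a TCP connect to the LDAP port; return (ok, seconds, error)."""
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True, time.monotonic() - start, None
    except OSError as exc:  # covers refused, unreachable and timed out
        return False, time.monotonic() - start, str(exc)

def audit_domain(name, port=389, timeout=3.0,
                 resolver=socket.getaddrinfo, probe=tcp_probe):
    """Probe every address behind `name`, not just the first one returned."""
    results = []
    for ip in resolve_a_records(name, resolver):
        ok, secs, err = probe(ip, port, timeout)
        results.append({"ip": ip, "ok": ok,
                        "seconds": round(secs, 3), "error": err})
    return results

def stale_entries(results):
    """Addresses a client would stall on before moving to the next record."""
    return [r["ip"] for r in results if not r["ok"]]

if __name__ == "__main__":
    # "domain.local" is a placeholder; pass the real AD domain as argument 1.
    domain = sys.argv[1] if len(sys.argv) > 1 else "domain.local"
    report = audit_domain(domain)
    for row in report:
        state = "ok" if row["ok"] else "FAILED: " + row["error"]
        print(f'{row["ip"]:<16} {row["seconds"]:>7.3f}s  {state}')
    sys.exit(1 if stale_entries(report) else 0)
```

Run it from the affected app server itself, so the result reflects the DNS servers and network path that server actually uses.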

Author Comment

by:ncomper
Hi Will

We have a mix; a couple of them are binding to just our domain.local.

Jira is one which is slightly different in the fact that it is hard-coded to query a specific DC, which again, from all the tests I have done with dcdiag etc., looks fine.

I have verified that the app server running Jira is correctly configured with 2 DCs on its local site that run DNS. I have verified that when I ping mydomain.local it returns a DC's IP address (a DC in our Singapore office; however, I am told that this is normal, as when using ping it just uses round robin to return a result, as ping is not site-aware).

Thanks

Accepted Solution

by:Will Szymkowski
That is correct. When you ping your internal domain it will ping any one DC that it locates first based on round-robin. If you have this app querying a specific DC, can you check the machine resources on it (CPU, RAM)? Also, can you try pointing to another DC and see if you get the same results?

Will.

Author Closing Comment

by:ncomper
Thanks