Solved

Various app servers failing LDAP queries intermittently

Posted on 2014-02-04
Medium Priority
889 Views
Last Modified: 2016-12-08
Hi All

I have an issue where users are unable to log in to various apps using their AD accounts; all these servers use LDAP to query our domain (single forest/domain).

I have run dcdiag and generally looked at all the DCs and they all look fine to me. Not sure where to go, as the app guys are adamant it's not their app servers but it's AD.

Jira, for example, implies that the domain is not functional and suggests it can't connect on LDAP; however, there are no issues with the server and no reported network issues on our monitoring. If you wait 1 minute and try again, you can log in.

Anyone got ideas?

Thanks
Question by: ncomper
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39833080
How are the apps connecting to LDAP? Are they set up to point to a specific Domain Controller or are they pointing to the FQDN "domain.com"?

If you do nslookup domain.com, do you see any IP addresses that do not belong in there? I had experienced a similar issue where an app was using LDAP to connect using the FQDN and we had an IP listed as a name server which was not pingable and was not an actual name server (not sure how it got there). When the app would do a query using LDAP, it would take approx. 3 minutes and then finally connect; this was due to the ordering of the IP address that was present as a name server. This is how long it would take (timeout period) before it would query the next available IP.

Might be a long shot but might be something worth checking.

Will.
0
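The check suggested in the comment above, as an added example that is not part of the original thread: it resolves every address behind the domain name and times a TCP connect to the LDAP port on each, so a stale or unreachable entry shows up as a failed row. The name `domain.example`, port 389 and the 3-second timeout are assumptions; run it from the affected app server.

```python
import socket
import time

LDAP_PORT = 389  # assumption: plain LDAP; pass 636 for LDAPS

def resolve_all(name, resolver=socket.getaddrinfo):
    """Return every distinct IPv4 address the name resolves to, in resolver order."""
    infos = resolver(name, LDAP_PORT, socket.AF_INET, socket.SOCK_STREAM)
    seen = []
    for *_, sockaddr in infos:
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen

def probe(ip, port=LDAP_PORT, timeout=3.0):
    """TCP-connect to ip:port; return (reachable, seconds, error_text)."""
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True, time.monotonic() - start, ""
    except OSError as exc:  # timeout, connection refused, no route
        return False, time.monotonic() - start, str(exc) or type(exc).__name__

def audit(name, port=LDAP_PORT, timeout=3.0, resolver=socket.getaddrinfo):
    """Probe every address behind name; each row is (ip, reachable, seconds, error)."""
    return [(ip, *probe(ip, port, timeout)) for ip in resolve_all(name, resolver)]

def stale_addresses(rows):
    """Addresses a client could be handed but cannot open an LDAP connection to."""
    return [ip for ip, ok, _, _ in rows if not ok]

if __name__ == "__main__":
    import sys
    # "domain.example" is a placeholder; pass your AD DNS domain as the first argument
    domain = sys.argv[1] if len(sys.argv) > 1 else "domain.example"
    rows = audit(domain)
    for ip, ok, secs, err in rows:
        print(f"{ip:15}  {'OK' if ok else 'FAIL'}  {secs:6.2f}s  {err}")
    print("stale:", stale_addresses(rows) or "none")
```

A row that fails only after the full timeout points to an address that silently drops traffic, which is the kind of entry that makes a client wait before it moves on to the next IP.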
 
LVL 5

Author Comment

by:ncomper
ID: 39833161
Hi Will

We have a mix; a couple of them are binding to just our domain.local.

Jira is one which is slightly different in the fact it is hard-coded to query a specific DC, which again, from all the tests I have done with dcdiag etc., looks fine.

I have verified that the app server running Jira is correctly configured with 2 DCs on its local site that run DNS. I have verified that when I ping mydomain.local it returns a DC's IP address (a DC in our Singapore office; however, I am told that this is normal, as when using ping it just uses round robin to return a result, as ping is not site-aware).

Thanks
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39833667
That is correct. When you ping your internal domain it will ping any one DC that it locates first based on round-robin. If you have this app querying a specific DC, can you check the machine resources on it (CPU, RAM)? Also, can you try pointing to another DC and see if you get the same results?

Will.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 39835758
Thanks
0


Question has a verified solution.
