Solved

Various app servers failing LDAP queries intermittently

Posted on 2014-02-04
Last Modified: 2016-12-08
Hi All

I have an issue where users are unable to log in to various apps using their AD accounts; all these servers use LDAP to query our domain (single forest/domain).

I have run dcdiag and generally looked at all the DCs and they all look fine to me. I'm not sure where to go, as the app guys are adamant it's not their app servers but AD.

Jira, for example, implies that the domain is not functional and suggests it can't connect on LDAP; however, there are no issues with the server and no reported network issues on our monitoring. If you wait 1 minute and try again, you can log in.

Anyone got ideas?

Thanks
Question by:ncomper
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39833080
How are the apps connecting to LDAP? Are they set up to point to a specific Domain Controller or are they pointing to the FQDN "domain.com"?

If you do nslookup domain.com, do you see any IP addresses that do not belong in there? I had experienced a similar issue where an app was using LDAP to connect using the FQDN and we had an IP listed as a name server which was not pingable and was not an actual name server (not sure how it got there). When the app did a query using LDAP it would take approx 3 minutes and then finally connect; this was due to the ordering of the IP address that was present as a name server. This is how long it would take (timeout period) before it would query the next available IP.

Might be a long shot but might be something worth checking.

Will.
0
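The check suggested in the comment above, as an added example that is not part of the original thread or any poster's code: it lists every A record the domain name returns, marks any that is not a known DC, times a TCP connect to the LDAP port on each, and estimates how long a client that tries the records in order would wait before reaching a working one. The name `domain.com`, the `KNOWN_DCS` addresses, port 389, the 3-second timeout and the in-order client behaviour are assumptions.

```python
import socket
import time

def resolve_all(name, port=389):
    """Return every IPv4 address the name resolves to, in resolver order."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    ips = []
    for info in infos:
        if info[4][0] not in ips:
            ips.append(info[4][0])
    return ips

def probe(ip, port=389, timeout=3.0):
    """Attempt a TCP connect; return (reachable, seconds_taken)."""
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True, time.monotonic() - start
    except OSError:  # refused, unreachable or timed out
        return False, time.monotonic() - start

def check_domain(name, known_dcs, port=389, timeout=3.0,
                 resolve=resolve_all, connect=probe):
    """One row per A record: is it a known DC, does it answer on the LDAP port."""
    report = []
    for ip in resolve(name, port):
        ok, secs = connect(ip, port, timeout)
        report.append({"ip": ip, "known_dc": ip in known_dcs,
                       "reachable": ok, "seconds": round(secs, 2)})
    return report

def suspects(report):
    """Records that do not belong (not a known DC) or do not answer."""
    return [r["ip"] for r in report if not (r["known_dc"] and r["reachable"])]

def delay_before_first_good(report):
    """Time spent on dead records before the first reachable one (in-order client)."""
    waited = 0.0
    for r in report:
        if r["reachable"]:
            break
        waited += r["seconds"]
    return waited

if __name__ == "__main__":
    KNOWN_DCS = {"10.0.0.10", "10.0.0.11"}  # constructed placeholder addresses
    rows = check_domain("domain.com", KNOWN_DCS)  # placeholder domain name
    for row in rows:
        print(row)
    print("suspect records:", suspects(rows))
    print("delay before first good record (s):", delay_before_first_good(rows))
```

Run it from the affected app server so it uses the same DNS servers and network path as the application.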
 
LVL 5

Author Comment

by:ncomper
ID: 39833161
Hi Will

We have a mix; a couple of them are binding to just our domain.local.

Jira is one which is slightly different in the fact it is hard coded to query a specific DC, which again from all the tests I have done with dcdiag etc. looks fine.

I have verified that the app server running Jira is correctly configured with 2 DCs on its local site that run DNS. I have verified that when I ping mydomain.local it returns a DC's IP address (a DC in our Singapore office; however, I am told that this is normal, as when using ping it just uses round robin to return a result as ping is not site aware).

Thanks
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39833667
That is correct. When you ping your internal domain it will ping any one DC that it locates first based on round-robin. If you have this app querying a specific DC, can you check the machine resources on it (CPU, RAM)? Also, can you try pointing to another DC and see if you get the same results?

Will.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 39835758
Thanks
0

Question has a verified solution.
