Re: LDAP UDP Port Problem
From: Mike Morgan (mmorgan_at_ci.gulfport.ms.us)
Date: 02/04/04
Date: Wed, 4 Feb 2004 08:18:13 -0600
Your description is accurate. That is indeed what is happening. I can
see that there is communication on 389/udp going to and from the server.
But, my firewall is reporting some fragmentation going from server to
workstation. I just didn't know what to do about it. I tried forcing
Kerberos to tcp communications a few days ago without success. However, I
may have done something wrong. I'll try it again. I'm also going to work
with my firewall vendor to see if my firewall is the problem. Thanks for the
help.
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:%238TUunr6DHA.3704@tk2msftngp13.phx.gbl...
> You might want to do a network trace on both sides and watch the packets. A
> common occurrence is for UDP packets to be tossed out when they exceed a
> certain size and start to fragment. This is configurable in the networking
> hardware.
>
> You can doublecheck if this is the problem by forcing kerberos to use tcp
> for all communications.
>
> See http://support.microsoft.com/default.aspx?scid=KB;en-us;q244474
>
> The correct fix is to identify that the network gear is tossing out the UDP
> packets and sit down with your network people and have them explain why.
>
> --
> www.joeware.net
>
>
> "Mike Morgan" <mmorgan@ci.gulfport.ms.us> wrote in message
> news:OuvFA6d6DHA.2952@tk2msftngp13.phx.gbl...
> >
> >
> > I'm having a problem logging in to our new active directory from any subnet
> > other than the one the DC is on. The DC is on 10.25.1.5. If I put a
> > workstation on 10.25.1.6 everything works fine. If I put it on 10.25.4.6,
> > it takes forever to login. Troubleshooting has revealed that TCP/IP and DNS
> > are working properly. Netdiag revealed some failed tests, but nothing panned
> > out in the way of a solution. Then I did some portqry's on the LDAP port on
> > my DC with both 10.25.1.6 and 10.25.4.6. The results are listed below. In
> > short, with a 10.25.4.6 IP on the workstation, the DC does not respond to
> > UDP requests. Does anybody know how to either fix or work around this? Thank
> > you.
> >
> >
> > portqry -name downtown01 -p tcp -e 389
> >
> > Querying target system called:
> >
> > downtown01
> >
> > Attempting to resolve name to IP address...
> >
> >
> > Name resolved to 10.25.1.5
> >
> > querying...
> >
> > TCP port 389 (ldap service): LISTENING
> >
> > Using ephemeral source port
> > Sending LDAP query to TCP port 389...
> >
> > LDAP query response:
> >
> >
> > currentdate: 02/02/2004 21:24:34 (unadjusted GMT)
> > subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > supportedControl: 1.2.840.113556.1.4.319
> > supportedLDAPVersion: 3
> > supportedLDAPPolicies: MaxPoolThreads
> > highestCommittedUSN: 11760
> > supportedSASLMechanisms: GSSAPI
> > dnsHostName: downtown01.ci.gulfport.ms.us
> > ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
> > serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > supportedCapabilities: 1.2.840.113556.1.4.800
> > isSynchronized: TRUE
> > isGlobalCatalogReady: TRUE
> >
> >
> > ======== End of LDAP query response ========
> >
> >
> > portqry -name downtown01 -p udp -e 389
> >
> >
> > Querying target system called:
> >
> > downtown01
> >
> > Attempting to resolve name to IP address...
> >
> >
> > Name resolved to 10.25.1.5
> >
> > querying...
> >
> > UDP port 389 (unknown service): LISTENING or FILTERED
> >
> > Using ephemeral source port
> > Sending LDAP query to UDP port 389...
> >
> > LDAP query response:
> >
> >
> > currentdate: 02/02/2004 21:24:47 (unadjusted GMT)
> > subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > supportedControl: 1.2.840.113556.1.4.319
> > supportedLDAPVersion: 3
> > supportedLDAPPolicies: MaxPoolThreads
> > highestCommittedUSN: 11760
> > supportedSASLMechanisms: GSSAPI
> > dnsHostName: downtown01.ci.gulfport.ms.us
> > ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
> > serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > supportedCapabilities: 1.2.840.113556.1.4.800
> > isSynchronized: TRUE
> > isGlobalCatalogReady: TRUE
> >
> >
> > ======== End of LDAP query response ========
> >
> >
> >
> > UDP port 389 is LISTENING
> >
> >
> >
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > portqry -name downtown01 -p udp -e 389
> >
> >
> > Querying target system called:
> >
> > downtown01
> >
> > Attempting to resolve name to IP address...
> >
> >
> > Name resolved to 10.25.1.5
> >
> > querying...
> >
> > TCP port 389 (ldap service): LISTENING
> >
> > Using ephemeral source port
> > Sending LDAP query to TCP port 389...
> >
> > LDAP query response:
> >
> >
> > currentdate: 02/02/2004 21:23:56 (unadjusted GMT)
> > subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > supportedControl: 1.2.840.113556.1.4.319
> > supportedLDAPVersion: 3
> > supportedLDAPPolicies: MaxPoolThreads
> > highestCommittedUSN: 11756
> > supportedSASLMechanisms: GSSAPI
> > dnsHostName: downtown01.ci.gulfport.ms.us
> > ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
> > serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > supportedCapabilities: 1.2.840.113556.1.4.800
> > isSynchronized: TRUE
> > isGlobalCatalogReady: TRUE
> >
> >
> > ======== End of LDAP query response ========
> >
> >
> >
> > portqry -name downtown01 -p udp -e 389
> >
> > Querying target system called:
> >
> > downtown01
> >
> > Attempting to resolve name to IP address...
> >
> >
> > Name resolved to 10.25.1.5
> >
> > querying...
> >
> > UDP port 389 (unknown service): LISTENING or FILTERED
> >
> > Using ephemeral source port
> > Sending LDAP query to UDP port 389...
> >
> > LDAP query to port 389 failed
> > Server did not respond to LDAP query
> >
> >
> >
>
>
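The portqry runs quoted above send an LDAP rootDSE search to the DC, once over TCP and once over UDP (CLDAP), and the thread's diagnosis is that the UDP reply is being fragmented and dropped somewhere on the path. The script below is an added example, not part of the thread or of portqry: it builds the same rootDSE request by hand, parses the reply, and reports how many IP fragments the UDP answer would need at a given MTU, so the two transports can be compared from a workstation on each subnet. All function names (build_rootdse_request, probe_rootdse, udp_fragments, ...) are this example's own; the offline demo reply is constructed from values shown in the thread.

```python
"""Added example: minimal CLDAP/LDAP rootDSE probe, compares UDP vs TCP answers
from a DC and flags UDP replies large enough to be fragmented (the failure mode
discussed in the thread). Not the thread's code; helper names are this example's own."""
import math
import socket
import sys

# ---- BER encoding (only what an LDAP SearchRequest needs) ----
def ber_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(n, tag=0x02):                   # non-negative INTEGER (0x02) / ENUMERATED (0x0A)
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_str(s, tag=0x04):                   # OCTET STRING
    return tlv(tag, s.encode())

def build_rootdse_request(msg_id, attrs):
    """LDAPMessage { messageID, SearchRequest base="" scope=base filter=(objectClass=*) }."""
    body = (ber_str("")                     # baseObject: the rootDSE
            + ber_int(0, 0x0A)              # scope: baseObject
            + ber_int(0, 0x0A)              # derefAliases: neverDerefAliases
            + ber_int(0) + ber_int(0)       # sizeLimit, timeLimit
            + tlv(0x01, b"\x00")            # typesOnly: FALSE
            + ber_str("objectClass", 0x87)  # filter: present [7]
            + tlv(0x30, b"".join(ber_str(a) for a in attrs)))
    return tlv(0x30, ber_int(msg_id) + tlv(0x63, body))   # 0x63 = [APPLICATION 3] SearchRequest

# ---- BER decoding of the reply ----
def read_tlv(buf, pos):
    """Return (tag, content, next_pos); ValueError if the buffer is truncated."""
    if pos + 2 > len(buf):
        raise ValueError("truncated")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated")
    return tag, buf[pos:pos + length], pos + length

def iter_tlvs(content):
    pos = 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        yield tag, val

def parse_ldap_messages(data):
    """Collect attributes from SearchResultEntry (0x64) and the resultCode from
    SearchResultDone (0x65); works on one UDP datagram or a TCP byte stream."""
    out = {"attrs": {}, "done": False, "result_code": None}
    for _, msg in iter_tlvs(data):                      # each LDAPMessage SEQUENCE
        tag, op = list(iter_tlvs(msg))[1]               # [messageID, protocolOp, ...]
        if tag == 0x64:
            _, attr_list = list(iter_tlvs(op))[1]       # skip objectName
            for _, pa in iter_tlvs(attr_list):          # PartialAttribute { type, SET OF vals }
                (_, name), (_, vals) = list(iter_tlvs(pa))[:2]
                out["attrs"][name.decode()] = [v.decode() for _, v in iter_tlvs(vals)]
        elif tag == 0x65:
            out["done"] = True
            out["result_code"] = int.from_bytes(list(iter_tlvs(op))[0][1], "big")
    return out

def udp_fragments(payload_len, mtu=1500):
    """IP fragments needed for a UDP payload: each fragment carries mtu-20 bytes of IP
    payload and the UDP header costs 8, so 1472 bytes is the largest unfragmented payload at 1500."""
    return math.ceil((payload_len + 8) / (mtu - 20))

def sample_response():
    """Constructed datagram shaped like the DC's reply in the thread (values taken from it)."""
    def pa(name, *vals):
        return tlv(0x30, ber_str(name) + tlv(0x31, b"".join(ber_str(v) for v in vals)))
    entry = tlv(0x64, ber_str("") + tlv(0x30, pa("dnsHostName", "downtown01.ci.gulfport.ms.us")
                                         + pa("isSynchronized", "TRUE")))
    done = tlv(0x65, ber_int(0, 0x0A) + ber_str("") + ber_str(""))   # resultCode success, matchedDN, msg
    return tlv(0x30, ber_int(1) + entry) + tlv(0x30, ber_int(1) + done)

def _complete(data):
    try:
        return parse_ldap_messages(data)["done"]
    except ValueError:
        return False

def probe_rootdse(host, port=389, transport="udp", attrs=("dnsHostName", "isSynchronized"), timeout=3.0):
    """Send the rootDSE query over UDP (one datagram) or TCP and return parsed reply + size info."""
    req = build_rootdse_request(1, list(attrs))
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(req, (host, port))
            data, _ = s.recvfrom(65535)                 # socket.timeout here = the thread's symptom
    else:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            data = b""
            while not _complete(data):
                chunk = s.recv(65535)
                if not chunk:
                    break
                data += chunk
    result = parse_ldap_messages(data)
    result.update(bytes=len(data), udp_fragments=udp_fragments(len(data)))
    return result

if __name__ == "__main__":
    if len(sys.argv) < 2:                               # offline demo on the constructed reply
        print(parse_ldap_messages(sample_response()))
    else:                                               # python probe.py <dc-host-or-ip>
        for t in ("udp", "tcp"):
            print(t, probe_rootdse(sys.argv[1], transport=t))
```

Run it from a workstation on the working subnet and again from the slow one: a TCP reply with a UDP timeout from only the second subnet points at the path, not the DC, and the reported `udp_fragments` value (more than 1) tells the network team exactly which size threshold to look for. Two caveats the thread itself blurs: AD answers only rootDSE searches over UDP 389, so request anything else and the DC will not reply regardless of the network; and KB 244474, linked above, forces Kerberos (UDP 88) to TCP via the MaxPacketSize REG_DWORD (set to 1) under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which fixes Kerberos logons but leaves the CLDAP 389/udp behaviour measured here unchanged.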