Subscribe

slow ad lookup

Hello,

I actually have 2 domain controller acting as a primary and secondary DC/DNS. I would like to be able to turn off the primary domain controller without affecting the network. Since my netapp is the host for all my home directory, I would like it to be able to switch back and forth without major downtime.

I have tested it, and with my current configuration, it takes about 5 min to lookup 1 username.

Network configuration :

2 windows 2003 R2 DC/DNS with unix compatibility acting as PDC/secondary

Windows Home directory/profile :

cifs share on netapp

unix home directory:

nfs share on netapp

Netapp sees my windows domain as a windows 2000 domain and sees both DC. I have both setup as favorite dc

This is the trace I get when I shutdown the PDC and I try to access a share on netapp:

AUTH: slow rsp - Get password by UID (xxxx) took 115032 msecs to complete

AUTH: LSA lookup: located account "domain\user" in domain "domain"

AUTH: TraceLDAPServer- Attempting to improve AD DLAP connection for FQDN

CIFS: Error on named pipe with PDC: Error connection to server, open pipe failed

CIFS: Warning for server \\pdc: connection terminated.

CIFSRPC: Attempt to create pipe SAMR for GetDomainGroupsForSID failed with error 0xc000005e

AUTH: Error looking up domain Groups during login from x.x.x.x: No Trusted Logon Servers Available - Status_no_Logon_ser

NFS response to client x.x.x.x for volume 0x3d63151 was slow, op was v3 access, 185 > 60 (in seconds)

AUTH: TraceLDAPServer- Attempting to improve AD DLAP connection for FQDN

AUTH Login attempt by user usr$ of domain domain from client machine x.x.x.x

AUTH: slow rsp - Get password by name (user) took 80000 msecs to complete

NBT: Cannot connect to server x.x.x.x over NBSS socket for port 139. Error 0x23 Resource temporarily unavailable.

AUTH: slow rsp - Get group list by name (user) took 200001 msecs to complete

most of the trace repeate themself from that point.

Login time for a windows account : 14:38:13 to 14:50 until windows timeout and fail to find my profile.

I can ssh to a solaris box and access my nfs home directory, as well as cifs shares from that box. It is slow though.

I understand that this will rarely happen but I would had hoped for something a bit faster then that. Is there something to do about it?

slow ad lookup

Is there a firewall (Windows or otherwise) in the mix here?  It looks like the connection to port 139 was unsuccessful.

slow ad lookup

Thanks for the response.

It is trying to connect to my pdc on port 139, and since I am simulating the pdc down, it can't connect. This is a perfectly fine error, in those condition. The issue here is it is REAL slow to access any shared data.

There is no firewall in the mix.