Solved: What determines a AD DC discovered status

STEVEWILLSQ · ‎2017-06-02

Looking at a customers CIFS SVMs we note that some of the DCs connected to the SVM report as slow an one unavailable.

Is there any detail about these conditions and what tests the SVM uses to determine the condition of a discovered server. i.e. if a DC is labled as slow, what is the definition of slow that has been used?

Possible DC statis results

OK

Unavailable

Slow

Expired

Undetermined

Unreachable

mbeattie · ‎2017-06-05

Hi Steve,

Without looking through ONTAP source code, i'd assume that the SVM ("client machine") uses DNS to locate the domain controller as per the following:

https://msdn.microsoft.com/en-au/library/cc717360.aspx

To locate domain controller (DC) hosting NC N, the client machine issues a DNS query for the SRV record _ldap._tcp.dc._msdcs.N, constructed from the NC name (N).

I don't have details on the status results but i'd also assume that "slow" referres to domain controllers that have been identified using a slow link detection algorthim based on ICMP.

Is there a particular issue you are trying to troubleshoot? If so i'd verfiy the AD sites and services configuration and site network link speeds.

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

mbeattie · ‎2017-06-05

Hi Steve,

Without looking through ONTAP source code, i'd assume that the SVM ("client machine") uses DNS to locate the domain controller as per the following:

https://msdn.microsoft.com/en-au/library/cc717360.aspx

To locate domain controller (DC) hosting NC N, the client machine issues a DNS query for the SRV record _ldap._tcp.dc._msdcs.N, constructed from the NC name (N).

I don't have details on the status results but i'd also assume that "slow" referres to domain controllers that have been identified using a slow link detection algorthim based on ICMP.

Is there a particular issue you are trying to troubleshoot? If so i'd verfiy the AD sites and services configuration and site network link speeds.

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

tduval · ‎2017-06-19

I would like to know this process too, because on few ONTAP 9 clusters, we've got strange behaviors with the discovered-servers status.

All of them are marked as Kerberos,MS-LDAP and MS-DC but only MS-DC seems to be "OK" the other one are all "Undetermined".

STEFANDELFS · ‎2020-05-22

Hi,

same issue here, most DCs are shown as "Undetermined".

Have you found a solution for this?

regards

mclew · ‎2020-06-04

Undetermined means we haven't tried it yet or had a reason to attempt a connection to it.

if we attempted a connection and it didnt work it would show as unavailable.

TMADOCTHOMAS · ‎2021-10-07

+1 to this topic. @mclew , can you assist with the following?

I noticed weird discrepancies on our CIFS discovered servers. For MS-DC, in many cases it's undetermined on one node but all or several DCs show OK on the second node. On some CIFS Servers, entries only show up on one node. How can I troubleshoot this?