Now I’m really confused. After doing some more research on this, it looks like
LDP is a good tool for testing. From a new forest that I just spun up, it works
fine:
ld = cldap_open("x.x.x.x", 389);
Established connection to x.x.x.x.
Retrieving base DSA information...
Getting 1 entries:
Dn: (RootDSE)
configurationNamingContext: CN=Configuration,DC=widgets,DC=com;
currentTime: 11/4/2016 1:17:52 AM Coordinated Universal Time;
defaultNamingContext: DC=widgets,DC=com;
But in our production domains, from every client machine I’ve tested from,
against every domain controller, it fails:
0x0 = ldap_unbind(ld);
ld = cldap_open("x.x.x.x", 389);
Established connection to x.x.x.x.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Getting 0 entries:
Yet as far as I can tell everything in the domain is working as expected. From
the reading I did on the DC Locator process, it's my understanding that if you
can't find a DC using this process... it should fail. Which would mean nobody
would be able to log on. Is it possible that this is working, but the test I'm
doing from client machines isn't really a valid test? Is it possible that it
flips to TCP if it can't connect over UDP? I plan on putting Wireshark on a
domain controller and looking for this.
Very strange.
Thanks
Chris
From: [email protected] On Behalf Of Micheal Espinola Jr
Sent: Thursday, November 03, 2016 9:19 PM
To: [email protected]
Subject: Re: [NTSysADM] LDAP Ping question
As I understand it, LDAP Ping is more of a handshake test - not an open port
check.
--
Espi
On Thu, Nov 3, 2016 at 2:56 PM, Christopher Bodnar <[email protected]> wrote:
I understand the function of an LDAP Ping over UDP/389 in the DC Locator
process, but shouldn’t that respond to a Portqry? When I test this I receive
the following:
UDP port 389 (unknown service): LISTENING or FILTERED
I've tested this in 3 separate forests against multiple domain controllers and
I have gotten the same results in every case. All are 2008 R2 DFL/FFL. A
Netstat -an does show this:
UDP x.x.x.x:389 *:*
Which seems to be correct for a UDP port that is also listening on TCP? I don’t
notice anything wrong in the domains, was just going through some firewall port
requests and tested this. Is Portqry not a real test of this function?
My next step will be to run a Wireshark trace on a DC to look for this traffic.
Thanks
Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture
and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com
----------------------------------------- This message, and any attachments to
it, may contain information that is privileged, confidential, and exempt from
disclosure under applicable law. If the reader of this message is not the
intended recipient, you are notified that any use, dissemination, distribution,
copying, or communication of this message is strictly prohibited. If you have
received this message in error, please notify the sender immediately by return
e-mail and delete the message and any attachments. Thank you.
-----------------------------------------
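A minimal CLDAP "LDAP ping" probe in Python, added here as an example (it is not code from this thread): it builds the same UDP/389 SearchRequest the DC Locator sends and decodes the Netlogon answer, which is the handshake Espi refers to and the reason a bare Portqry datagram only ever shows LISTENING or FILTERED. The DC host and domain name are placeholders, and SAMPLE_REPLY is a constructed reply, not a capture.

```python
import socket
import struct
def _ber(tag, payload):
    # Minimal BER TLV encoder (definite length; long form for payloads >= 128 bytes).
    n = len(payload)
    return bytes([tag]) + (bytes([n]) if n < 128 else b"\x82" + struct.pack(">H", n)) + payload
def build_ldap_ping(domain, msg_id=1, ntver=0x20000006):
    # SearchRequest: base "", scope base, filter (&(DnsDomain=<domain>)(NtVer=<LE32>)),
    # attributes ["Netlogon"]. A DC answers this; an empty UDP probe gets no reply at all.
    eq = lambda a, v: _ber(0xA3, _ber(0x04, a) + _ber(0x04, v))   # equalityMatch
    filt = _ber(0xA0, eq(b"DnsDomain", domain.encode()) + eq(b"NtVer", struct.pack("<I", ntver)))
    body = (_ber(0x04, b"") + _ber(0x0A, b"\x00") + _ber(0x0A, b"\x00") + _ber(0x02, b"\x00")
            + _ber(0x02, b"\x00") + _ber(0x01, b"\x00") + filt + _ber(0x30, _ber(0x04, b"Netlogon")))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + _ber(0x63, body))   # LDAPMessage
def _tlv(buf, pos):
    # Decode one BER TLV at pos -> (tag, value, position after it).
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:   # long-form length
        ln, pos = int.from_bytes(buf[pos:pos + (ln & 0x7F)], "big"), pos + (ln & 0x7F)
    return tag, buf[pos:pos + ln], pos + ln
def parse_netlogon_reply(data):
    # LDAPMessage -> SearchResultEntry (0x64) -> "Netlogon" attribute -> fixed header of
    # NETLOGON_SAM_LOGON_RESPONSE_EX (Opcode, Sbz, Flags). None if no entry came back.
    _, msg, _ = _tlv(data, 0)
    _, _, pos = _tlv(msg, 0)                   # messageID
    op_tag, entry, _ = _tlv(msg, pos)
    if op_tag != 0x64:
        return None
    _, _, pos = _tlv(entry, 0)                 # objectName (empty: RootDSE)
    _, attrs, _ = _tlv(entry, pos)
    pos = 0
    while pos < len(attrs):
        _, attr, pos = _tlv(attrs, pos)
        _, name, p = _tlv(attr, 0)
        _, vals, _ = _tlv(attr, p)
        if name.lower() == b"netlogon":
            opcode, _, flags = struct.unpack_from("<HHI", _tlv(vals, 0)[1], 0)
            return {"opcode": opcode, "flags": flags, "pdc": bool(flags & 0x1),
                    "gc": bool(flags & 0x4), "kdc": bool(flags & 0x20)}
    return None
def ldap_ping(dc_host, domain, timeout=3.0):
    # Send one ping to UDP/389 and decode the answer; None on timeout (no DC reply).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ldap_ping(domain), (dc_host, 389))
        try:
            return parse_netlogon_reply(s.recvfrom(4096)[0])
        except socket.timeout:
            return None
# Constructed sample reply (not a capture): opcode 23 = LOGON_SAM_LOGON_RESPONSE_EX,
# flags 0x3FD = PDC|GC|LDAP|DS|KDC|TIMESERV|CLOSEST|WRITABLE|GOOD_TIMESERV, rest zeroed.
SAMPLE_REPLY = _ber(0x30, _ber(0x02, b"\x01") + _ber(0x64, _ber(0x04, b"") + _ber(0x30, _ber(
    0x30, _ber(0x04, b"Netlogon") + _ber(0x31, _ber(0x04, struct.pack("<HHI", 23, 0, 0x3FD) + bytes(16)))))))
```

Calling `ldap_ping("dc1.corp.example.com", "corp.example.com")` against a real DC returns the decoded flags, while a timeout (None) is the datagram-level failure that would actually break DC location; the LDP output in the thread is a different check, since `cldap_open` alone only binds the UDP socket.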