戻る
-
タイトル
LDAP timeout errors reported when Safeguard attempts to communicate with AD -
説明
Safeguard is unable to communicate with certain AD Domain Controllers, due to timeout or unreachable errors. -
原因
This could be due to the particular Domain Controllers that are selected when Safeguard performs it's Global Catalog lookup. A DC may be advertised as available in the Global Catalog, but either Safeguard is not able to reach it, or it is busy and the connection times out before a response is received.
There may be different error messages seen in the logs, such as, "LDAP 85 Client side timeout exceeded", or "Domain Controller Unreachable".
When a "Domain Controller Unreachable" error is received, Safeguard will mark this particular DC as temporarily unavailable, and will attempt to use an alternate DC. Currently, Safeguard does not deny DCs in the same way when the client timeout error is received.
-
対策
STATUS
An enhancement request has been submitted to include the LDAP 85 timeout in the list of errors that will cause Safeguard to mark the DC as temporarily unavailable.
WORKAROUNDIf it is known that certain DCs aren't reachable to Safeguard (or certain Safeguard appliances), configuration could be adjusted in AD Sites and Services to limit the DCs that Safeguard has exposure to. This environmental configuration would need to be assessed by the AD Admins in your organization and would be outside the scope of what One Identity Support could assist with. -
変更要求
222150