Networking Forums


LDAP UDP Port Problem

 
 
Mike Morgan

 
      02-02-2004, 09:47 PM


I'm having a problem logging in to our new Active Directory from any subnet
other than the one the DC is on. The DC is on 10.25.1.5. If I put a
workstation on 10.25.1.6, everything works fine. If I put it on 10.25.4.6,
it takes forever to log in. Troubleshooting has revealed that TCP/IP and DNS
are working properly. Netdiag revealed some failed tests, but nothing panned
out in the way of a solution. Then I did some portqry queries on the LDAP port on
my DC with both 10.25.1.6 and 10.25.4.6. The results are listed below. In
short, with a 10.25.4.6 IP on the workstation, the DC does not respond to
UDP requests. Does anybody know how to either fix or work around this? Thank
you.


portqry -name downtown01 -p tcp -e 389

Querying target system called:

downtown01

Attempting to resolve name to IP address...


Name resolved to 10.25.1.5

querying...

TCP port 389 (ldap service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 02/02/2004 21:24:34 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 11760
supportedSASLMechanisms: GSSAPI
dnsHostName: downtown01.ci.gulfport.ms.us
ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE


======== End of LDAP query response ========


portqry -name downtown01 -p udp -e 389


Querying target system called:

downtown01

Attempting to resolve name to IP address...


Name resolved to 10.25.1.5

querying...

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 02/02/2004 21:24:47 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 11760
supportedSASLMechanisms: GSSAPI
dnsHostName: downtown01.ci.gulfport.ms.us
ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE


======== End of LDAP query response ========



UDP port 389 is LISTENING



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
portqry -name downtown01 -p udp -e 389


Querying target system called:

downtown01

Attempting to resolve name to IP address...


Name resolved to 10.25.1.5

querying...

TCP port 389 (ldap service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 02/02/2004 21:23:56 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 11756
supportedSASLMechanisms: GSSAPI
dnsHostName: downtown01.ci.gulfport.ms.us
ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE


======== End of LDAP query response ========



portqry -name downtown01 -p udp -e 389

Querying target system called:

downtown01

Attempting to resolve name to IP address...


Name resolved to 10.25.1.5

querying...

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query



 
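An added example, not part of the original thread: a Python sketch of the comparison made with portqry in the post above, sending the same kind of LDAP rootDSE search to port 389 over TCP and over UDP and reporting which transport gets an answer. The function names and the result labels are assumptions made for this illustration; run it from a workstation on each subnet with the DC's name as the argument.

```python
import socket
import sys


def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV with a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def rootdse_request(message_id: int = 1) -> bytes:
    """LDAPv3 searchRequest for the rootDSE (message_id must be 1..127)."""
    search = ber(0x63, b"".join([       # [APPLICATION 3] SearchRequest
        ber(0x04, b""),                 # baseObject "" = rootDSE
        ber(0x0A, b"\x00"),             # scope: baseObject
        ber(0x0A, b"\x00"),             # derefAliases: never
        ber(0x02, b"\x00"),             # sizeLimit: 0
        ber(0x02, b"\x00"),             # timeLimit: 0
        ber(0x01, b"\x00"),             # typesOnly: FALSE
        ber(0x87, b"objectClass"),      # filter: (objectClass=*)
        ber(0x30, b""),                 # attributes: empty list = all
    ]))
    return ber(0x30, ber(0x02, bytes([message_id])) + search)


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content_start, content_end) of the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        start, n = pos + 2, first
    else:                               # long form, as AD uses in replies
        k = first & 0x7F
        start = pos + 2 + k
        n = int.from_bytes(buf[pos + 2:start], "big")
    return tag, start, start + n


def response_op(buf: bytes):
    """protocolOp tag of the first LDAPMessage in buf, or None."""
    try:
        tag, start, _ = read_tlv(buf)
        if tag != 0x30:
            return None
        id_tag, _, id_end = read_tlv(buf, start)
        return buf[id_end] if id_tag == 0x02 else None
    except IndexError:
        return None


def probe(host: str, port: int = 389, proto: str = "udp",
          timeout: float = 3.0) -> str:
    """Send one rootDSE query; classify what came back."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.sendall(rootdse_request())
            data = s.recv(65535)
        except socket.timeout:
            return "no-response"        # dropped on the path or not answered
        except OSError:
            return "refused"            # TCP RST or ICMP port unreachable
    # 0x64 = searchResEntry, i.e. the rootDSE attributes came back
    return "response" if response_op(data) == 0x64 else "unexpected"


def diagnose(tcp: str, udp: str) -> str:
    """Combine both results into the case seen from each subnet."""
    if tcp == "response" and udp == "response":
        return "ldap-ok"
    if tcp == "response":
        return "udp-389-blocked-or-unanswered"
    return "ldap-unreachable"


if __name__ == "__main__":
    dc = sys.argv[1]                    # e.g. the DC's host name
    tcp, udp = probe(dc, proto="tcp"), probe(dc, proto="udp")
    print(f"tcp={tcp} udp={udp} -> {diagnose(tcp, udp)}")
```
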
 
 
 
 
Mike Morgan

 
      02-02-2004, 10:02 PM

My apologies, the first set of output is from 10.25.1.6 and the second is
from 10.25.4.6.

 
Rob Elder, MVP

 
      02-02-2004, 11:38 PM

Do you have those IP subnets associated with the site under AD sites and
services?

 
Mike Morgan

 
      02-03-2004, 02:38 AM

Yes, the IPs are associated with a site called Downtown. The subnets
associated with that site are 10.25.1.0, 10.25.3.0, 10.25.4.0, and
10.25.5.0. Only the machines on the 10.25.1.0 subnet will log in normally.

 
Jason Robarts [MSFT]

 
      02-03-2004, 08:54 PM
Just curious - does dcdiag report an issue when run on that DC? If a DC is
not advertising, I'm not sure whether it just stops responding to Netlogon
UDP LDAP queries or all UDP LDAP queries. dcdiag could tell you if you are
advertising.

Jason
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"Mike Morgan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Yes, the IP's are associated with a site called Downtown. The subnets
> associated with that site are 10.25.1.0, 10.25.3.0, 10.25.4.0, and
> 10.25.5.0. Only the machines on the 10.25.1.0 subnet will login normally.
>
> "Rob Elder, MVP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> > "Mike Morgan" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > >
> > > My apologies, the first set of output is from 10.25.1.6 and the second

> is
> > > from 10.25.4.6.
> > >
> > > "Mike Morgan" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > >
> > > >
> > > > I'm having a problem logging in to our new active directory from any
> > > subnet
> > > > other than the one the DC is on. The DC is on 10.25.1.5. If I put a
> > > > workstation on 10.25.1.6 every thing works fine. If I put it on

> > 10.25.4.6,
> > > > it takes forever to login. Troubleshooting has revealed that TCP/IP

> and
> > > DNS
> > > > are working properly. Netdiag revealed some failed tests, but

nothing
> > > panned
> > > > out in the way of a solution. Then I did some portqry's on the LDAP

> port
> > > on
> > > > my DC with both 10.25.1.6 and 10.25.4.6. The results are listed

below.
> > In
> > > > short, with a 10.25.4.6 IP on the workstation, the DC does not

respond
> > to
> > > > UDP requests. Does anybody know how to either fix or work around

this?
> > > Thank
> > > > you.
> > > >
> > > > From: 10.25.1.6
> > > > portqry -name downtown01 -p tcp -e 389
> > > >
> > > > Querying target system called:
> > > >
> > > > downtown01
> > > >
> > > > Attempting to resolve name to IP address...
> > > >
> > > >
> > > > Name resolved to 10.25.1.5
> > > >
> > > > querying...
> > > >
> > > > TCP port 389 (ldap service): LISTENING
> > > >
> > > > Using ephemeral source port
> > > > Sending LDAP query to TCP port 389...
> > > >
> > > > LDAP query response:
> > > >
> > > >
> > > > currentdate: 02/02/2004 21:24:34 (unadjusted GMT)
> > > > subschemaSubentry:
> > > >

CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=g ulfport,DC=ms,DC=us
> > > > dsServiceName: CN=NTDS
> > > >
> > >

> >

>

Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=S ites,CN=Configuration,DC=c
> > > > i,DC=gulfport,DC=ms,DC=us
> > > > namingContexts:

> CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms ,DC=us
> > > > defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > > > schemaNamingContext:
> > > > CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms ,DC=us
> > > > configurationNamingContext:

> > CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > > > supportedControl: 1.2.840.113556.1.4.319
> > > > supportedLDAPVersion: 3
> > > > supportedLDAPPolicies: MaxPoolThreads
> > > > highestCommittedUSN: 11760
> > > > supportedSASLMechanisms: GSSAPI
> > > > dnsHostName: downtown01.ci.gulfport.ms.us
> > > > ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
> > > > serverName:
> > > >
> > >

> >

>

CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=C onfiguration,DC=ci,DC=gulf
> > > > port,DC=ms,DC=us
> > > > supportedCapabilities: 1.2.840.113556.1.4.800
> > > > isSynchronized: TRUE
> > > > isGlobalCatalogReady: TRUE
> > > >
> > > >
> > > > ======== End of LDAP query response ========
> > > >
> > > >
> > > > portqry -name downtown01 -p udp -e 389
> > > >
> > > >
> > > > Querying target system called:
> > > >
> > > > downtown01
> > > >
> > > > Attempting to resolve name to IP address...
> > > >
> > > >
> > > > Name resolved to 10.25.1.5
> > > >
> > > > querying...
> > > >
> > > > UDP port 389 (unknown service): LISTENING or FILTERED
> > > >
> > > > Using ephemeral source port
> > > > Sending LDAP query to UDP port 389...
> > > >
> > > > LDAP query response:
> > > >
> > > >
> > > > currentdate: 02/02/2004 21:24:47 (unadjusted GMT)
> > > > subschemaSubentry:
> > > >

CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=g ulfport,DC=ms,DC=us
> > > > dsServiceName: CN=NTDS
> > > >
> > >

> >

>

Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=S ites,CN=Configuration,DC=c
> > > > i,DC=gulfport,DC=ms,DC=us
> > > > namingContexts:

> CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms ,DC=us
> > > > defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > > > schemaNamingContext:
> > > > CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms ,DC=us
> > > > configurationNamingContext:

> > CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > > > supportedControl: 1.2.840.113556.1.4.319
> > > > supportedLDAPVersion: 3
> > > > supportedLDAPPolicies: MaxPoolThreads
> > > > highestCommittedUSN: 11760
> > > > supportedSASLMechanisms: GSSAPI
> > > > dnsHostName: downtown01.ci.gulfport.ms.us
> > > > ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
> > > > serverName:
> > > >
> > >

> >

>

CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=C onfiguration,DC=ci,DC=gulf
> > > > port,DC=ms,DC=us
> > > > supportedCapabilities: 1.2.840.113556.1.4.800
> > > > isSynchronized: TRUE
> > > > isGlobalCatalogReady: TRUE
> > > >
> > > >
> > > > ======== End of LDAP query response ========
> > > >
> > > >
> > > >
> > > > UDP port 389 is LISTENING
> > > >
> > > >
> > > >
> > > >
> > >

> >

>

++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++
> > > > ++++++++++++++++++++++++++++
> > > From: 10.25.4.6
> > > > portqry -name downtown01 -p udp -e 389
> > > >
> > > >
> > > > Querying target system called:
> > > >
> > > > downtown01
> > > >
> > > > Attempting to resolve name to IP address...
> > > >
> > > >
> > > > Name resolved to 10.25.1.5
> > > >
> > > > querying...
> > > >
> > > > TCP port 389 (ldap service): LISTENING
> > > >
> > > > Using ephemeral source port
> > > > Sending LDAP query to TCP port 389...
> > > >
> > > > LDAP query response:
> > > >
> > > >
> > > > currentdate: 02/02/2004 21:23:56 (unadjusted GMT)
> > > > subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > dsServiceName: CN=NTDS Settings,CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > namingContexts: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > defaultNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > > > schemaNamingContext: CN=Schema,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > configurationNamingContext: CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > rootDomainNamingContext: DC=ci,DC=gulfport,DC=ms,DC=us
> > > > supportedControl: 1.2.840.113556.1.4.319
> > > > supportedLDAPVersion: 3
> > > > supportedLDAPPolicies: MaxPoolThreads
> > > > highestCommittedUSN: 11756
> > > > supportedSASLMechanisms: GSSAPI
> > > > dnsHostName: downtown01.ci.gulfport.ms.us
> > > > ldapServiceName: ci.gulfport.ms.us:downtown01$@CI.GULFPORT.MS.US
> > > > serverName: CN=DOWNTOWN01,CN=Servers,CN=Downtown,CN=Sites,CN=Configuration,DC=ci,DC=gulfport,DC=ms,DC=us
> > > > supportedCapabilities: 1.2.840.113556.1.4.800
> > > > isSynchronized: TRUE
> > > > isGlobalCatalogReady: TRUE
> > > >
> > > >
> > > > ======== End of LDAP query response ========
> > > >
> > > >
> > > >
> > > > portqry -name downtown01 -p udp -e 389
> > > >
> > > > Querying target system called:
> > > >
> > > > downtown01
> > > >
> > > > Attempting to resolve name to IP address...
> > > >
> > > >
> > > > Name resolved to 10.25.1.5
> > > >
> > > > querying...
> > > >
> > > > UDP port 389 (unknown service): LISTENING or FILTERED
> > > >
> > > > Using ephemeral source port
> > > > Sending LDAP query to UDP port 389...
> > > >
> > > > LDAP query to port 389 failed
> > > > Server did not respond to LDAP query

> >
> > Do you have those IP subnets associated with the site under AD sites and
> > services?
> >
Joe Richards [MVP]
Guest
Posts: n/a

 
      02-03-2004, 11:57 PM
You might want to do a network trace on both sides and watch the packets. A
common occurrence is for UDP packets to be tossed out when they exceed a
certain size and start to fragment. This is configurable in the networking
hardware.

You can double-check if this is the problem by forcing Kerberos to use TCP
for all communications.

See http://support.microsoft.com/default...;en-us;q244474

The correct fix is to identify that the network gear is tossing out the UDP
packets and sit down with your network people and have them explain why.

--
www.joeware.net
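
The two-sided trace comparison suggested in the reply above, as an added example that is not part of the original thread: it indexes IPv4 fragments by (source, destination, IP ID) in a server-side and a client-side capture and reports which UDP datagrams left the DC fragmented and never fully arrived. The datagram sizes, IP IDs, destination ports, function names and the drop behaviour of the device in the path are assumptions constructed for the illustration; only the three addresses come from the thread.

```python
import struct
from collections import defaultdict

DC, LOCAL, REMOTE = "10.25.1.5", "10.25.1.6", "10.25.4.6"  # addresses from the thread

def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))

def fragment(src, dst, ip_id, udp_datagram, mtu=1500):
    """Split one UDP datagram into IPv4 packets as a sender would at this MTU.
    The header checksum is left 0: constructed test data, not wire-valid."""
    step = (mtu - 20) // 8 * 8  # fragment payloads are multiples of 8 bytes
    chunks = [udp_datagram[i:i + step] for i in range(0, len(udp_datagram), step)]
    packets = []
    for i, chunk in enumerate(chunks):
        more = 0x2000 if i < len(chunks) - 1 else 0  # MF (more fragments) flag
        header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ip_id,
                             more | (i * step // 8), 128, 17, 0,
                             ip_bytes(src), ip_bytes(dst))
        packets.append(header + chunk)
    return packets

def is_fragment(pkt):
    # True when MF is set or the fragment offset is non-zero
    return (struct.unpack("!H", pkt[6:8])[0] & 0x3FFF) != 0

def index_trace(trace):
    """Map (src, dst, IP ID) -> set of fragment byte offsets seen, UDP only."""
    seen = defaultdict(set)
    for pkt in trace:
        if pkt[9] != 17:  # IP protocol 17 = UDP
            continue
        ip_id, flags_frag = struct.unpack("!HH", pkt[4:8])
        key = (".".join(map(str, pkt[12:16])), ".".join(map(str, pkt[16:20])), ip_id)
        seen[key].add((flags_frag & 0x1FFF) * 8)
    return seen

def compare(sent_trace, received_trace):
    """For each datagram in the sender's trace, report what the receiver's trace holds."""
    sent, received = index_trace(sent_trace), index_trace(received_trace)
    return {key: {"fragmented": len(offsets) > 1,
                  "missing_offsets": sorted(offsets - received.get(key, set()))}
            for key, offsets in sent.items()}

def udp_from_389(body_len, dst_port):
    """A UDP datagram from port 389 with a zero-filled body (constructed sizes)."""
    return struct.pack("!HHHH", 389, dst_port, 8 + body_len, 0) + bytes(body_len)

def demo():
    server_side = (fragment(DC, LOCAL, 0x1001, udp_from_389(2300, 1025))
                   + fragment(DC, REMOTE, 0x1002, udp_from_389(2300, 1026))
                   + fragment(DC, REMOTE, 0x1003, udp_from_389(200, 1027)))
    # Assumed behaviour of the device in the routed path: it drops every fragment
    # headed for the remote subnet and forwards unfragmented packets.
    client_side = [p for p in server_side
                   if not (p[16:20] == ip_bytes(REMOTE) and is_fragment(p))]
    return compare(server_side, client_side)

if __name__ == "__main__":
    for key, result in demo().items():
        print(key, result)
```

A datagram that shows as fragmented on the server side with missing offsets on the client side points at a device in between, which is the case to take to the network team.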

Mike Morgan
Guest
Posts: n/a

 
      02-04-2004, 01:18 PM

Your description is accurate. That is indeed what is happening. I can
see that there is communication on 389/udp going to and from the server.
But, my firewall is reporting some fragmentation going from server to
workstation. I just didn't know what to do about it. I tried forcing
Kerberos to TCP communications a few days ago without success. However, I
may have done something wrong. I'll try it again. I'm also going to work
with my firewall vendor to see if my firewall is the problem. Thanks for the
help.