Re: Member Server Login Slow DMZ-Internal Subnet
From: Dmitry Korolyov (d__k_at_mail.ru)
Date: 05/01/03
- Next message: Steve K.: "Re: Member Server Login Slow DMZ-Internal Subnet"
- Previous message: Steve K.: "Member Server Login Slow DMZ-Internal Subnet"
- In reply to: Steve K.: "Member Server Login Slow DMZ-Internal Subnet"
- Next in thread: Steve K.: "Re: Member Server Login Slow DMZ-Internal Subnet"
- Reply: Steve K.: "Re: Member Server Login Slow DMZ-Internal Subnet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 2 May 2003 01:13:46 +0400
Long logins usually indicate DNS or site misconfiguration. In your case, the
server most likely was unable to determine the site it belongs to, since the
DMZ's subnet was not added to any site in AD. Therefore, it was impossible
to determine the closest domain controller which should perform
authentication, and a random DC was selected. Since you have 2 remote DCs and
1 local, it's a 66% probability that a remote DC is used.
Talking about DNS, the server might first try to perform resolution (for AD)
in external DNS and was unable to find anything, and only then tried
internal. This usually gets fixed by changing adapter bindings or DNS server
orders.
--
Dmitry Korolyov

"Steve K." <skonde@hotmail.,com> wrote in message
news:#CwhaVCEDHA.1840@TK2MSFTNGP10.phx.gbl...
> I had a requirement to place a member server on my DMZ and have it login to
> AD across the firewall. I set up a rule containing this machine and the
> three DC's on my internal subnet.
>
> During login it took a LONG time (over 5 minutes) after entering a user
> name and password (and hitting enter immediately :) ) seemingly hanging on
> "Please Wait...Loading your personal settings...".
>
> Eventually the account was able to login and I was even able to browse AD.
>
> My question is two part.
>
> 1: In my firewall log I noticed that this member server was attempting to
> establish a connection to all three of my DC's even though two of them are
> remote. Why isn't it just getting what it needs from the local DC (local
> being attached to the third nic in the firewall as opposed to a T1)?
>
> 2: Why the long login time?
>
> Here are the ports opened in the rule between the member server and the
> three DC's. Our DMZ is set up behind our firewall not in front. We are not
> using a NAT firewall, we are using an application proxy and routing.
>
> - 123 tcp
> - 135 tcp
> - 137 udp
> - 138 udp
> - 139 tcp
> - 53 udp
> - 53 tcp
> - 88 udp
> - 88 tcp
> - 389 tcp
> - 389 udp
> - 445 tcp
> - 3269 tcp
> - 8 icmp (ping)
>
> Thanks in Advance
> Steve K.
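The subnet-to-site lookup described in the reply above, as an added example that is not part of the original thread: a small audit that maps host addresses to AD sites by most specific matching subnet and reports hosts that match no subnet object. The site names, subnets and host inventory are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: subnet objects as they might be defined in
# AD Sites and Services (CIDR -> site name). Not taken from the thread.
SITE_SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",
    "10.2.0.0/16": "Branch-A",
    "10.3.0.0/16": "Branch-B",
}

# Constructed host inventory (name -> IPv4 address).
HOSTS = {
    "fileserver1": "10.1.4.20",
    "labbox": "10.1.50.7",
    "dmz-member1": "192.168.100.10",
}


def site_for(ip, site_subnets=SITE_SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins when several subnet objects overlap.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_hosts(hosts, site_subnets=SITE_SUBNETS):
    """Return the names of hosts whose address matches no subnet object."""
    return sorted(n for n, ip in hosts.items() if site_for(ip, site_subnets) is None)


if __name__ == "__main__":
    for name, ip in HOSTS.items():
        site = site_for(ip) or "NONE (no site, so any DC may be selected)"
        print(f"{name:12} {ip:16} site={site}")
    print("Hosts needing a subnet object:", unmapped_hosts(HOSTS))
```

Feeding it the real subnet list exported from AD and the addresses of DMZ hosts shows which machines will fall back to a DC outside their location.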