AD Referral causes slowness for UDS to AD communication

Article ID: 111843

Products

CA Advanced Authentication, CA Strong Authentication, CA Risk Authentication

Issue/Introduction

Entries in arcotuds.log like those shown below indicate referral chasing on the Active Directory server side. Referrals that lead to non-whitelisted IP addresses and inactive servers delay the responses to the UDS.

2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Returning Attributes = 12
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Search limit set to - 2147483647
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results <---- Delay of 4 minutes 37 seconds for LDAP/AD query to fetch the results
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Processing Search Results returned of size '1'
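
To find these gaps across a whole arcotuds.log, the following script (an added example, not part of the original article or the product) pairs each 'Initial search returned' line with the previous LDAPUserDAOImpl line on the same thread and reports waits above a threshold. The function name, the 5-second threshold and the exec-127 sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Line layout taken from the arcotuds.log excerpt in this article:
# "<date> <time>,<ms> <tz> : [<thread>] : <level> : <logger> : <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \S+ : "
    r"\[(?P<thread>[^\]]+)\] : \S+ : (?P<logger>\S+) : (?P<msg>.*)$"
)
SEARCH_DONE = "Initial search returned"

def find_slow_searches(lines, threshold=timedelta(seconds=5)):
    """Return (thread, start, end, gap) for each LDAP search whose result
    arrived more than `threshold` (assumed default: 5 s) after the previous
    LDAPUserDAOImpl line logged by the same thread."""
    last_seen = {}  # thread name -> timestamp of its latest LDAPUserDAOImpl line
    slow = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["logger"].endswith("LDAPUserDAOImpl"):
            continue  # other loggers and continuation lines are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        thread = m["thread"]
        prev = last_seen.get(thread)
        if prev and m["msg"].startswith(SEARCH_DONE) and ts - prev > threshold:
            slow.append((thread, prev, ts, ts - prev))
        last_seen[thread] = ts
    return slow

# Constructed sample: the exec-126 lines follow the excerpt above; the
# exec-127 lines are invented to show a normal, fast search interleaved.
SAMPLE = """\
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:43:45,101 EDT : [http-nio-8080-exec-127] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:43:45,180 EDT : [http-nio-8080-exec-127] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results
""".splitlines()

if __name__ == "__main__":
    for thread, start, end, gap in find_slow_searches(SAMPLE):
        print(f"{thread}: search sent {start}, answered {end}, "
              f"waited {gap.total_seconds():.1f}s")
```

Running it again after the referral list has been cleaned up shows whether the long waits are gone.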

Environment

AuthMinder(Arcot WebFort)

Cause

The underlying AD server is chasing referrals, and some of the referrals point to inactive servers and non-whitelisted IP addresses.

Resolution

The Active Directory administrator should ensure that inactive servers and non-whitelisted IP addresses are removed from the referral list.

A patch to disable referrals is also now built into the product. For more information about setting it up, please reach out to support.

Additional Information

https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=106199