The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Sun Nov 24, 2024 3:33 am

All times are UTC - 6 hours [ DST ]

Post subject: LDAP question
PostPosted: Wed May 28, 2014 10:05 am
God of the IRC (Joined: Wed Sep 02, 2009 7:35 pm, Posts: 3041, Location: The United States of DESU)
Is anybody here an LDAP expert? Specifically, I have a question about port 389 across trusted domains.

I have a Windows 2008 server that is part of domain A. However, I see in the firewall logs that every 5 minutes, the server is trying to open a connection on port 389 to the domain controllers of a domain B. The server should not know anything about domain B, other than that domain A and domain B have a trust relationship. Oddly though, there is a third domain, domain C, which this server is not trying to talk to.

I'm trying to track down this behavior and determine if the behavior is legitimate, what is causing it, and if it's optional behavior. If I can't stop this behavior from occurring, I will need to request the port be opened up on the firewall.

Does anyone know how to troubleshoot this?

Post subject:
PostPosted: Wed May 28, 2014 10:20 am
(Joined: Wed Sep 02, 2009 7:59 pm, Posts: 9412)
I wouldn't call myself an LDAP expert, by any means, but if the server's trying to get information from domain B, it can come up with the addresses of domain B's DC(s) via DNS.

Is your 2008 server a DC for domain A?

Oh, or, more likely... is there anything trying to access resources on your server that's trying to use credentials from domain B? Could be a service, could be some domain B user trying to access shared files on the server, and so on.

When the domain B credentials are presented to your server, your server says "Yeah, I'm supposed to trust domain B, let me check with domain B to see if those credentials are legit, and what groups they correspond to" -- thus trying to open up an LDAP request to domain B.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

Post subject: Re: LDAP question
PostPosted: Wed May 28, 2014 10:48 am
God of the IRC (Joined: Wed Sep 02, 2009 7:35 pm, Posts: 3041, Location: The United States of DESU)
I think I figured it out. The server has monitoring software installed, and I had it performing WMI monitoring of some servers on domain B. Apparently, the monitoring software, when doing WMI, wants to query the LDAP of domain B and it is trying to get to its domain controllers. Even though it's failing, the WMI monitoring was working so I didn't make a connection between the two. I did turn off the monitoring just to eliminate variables, and most of the connection attempts stopped, but it was still trying to connect every few minutes. When I uninstalled some patch management software from the same server, the LDAP connection attempts stopped completely.

Now that I know why the server is trying to connect to these domain controllers, I can go to the network admin and request the port be opened.

Post subject:
PostPosted: Wed May 28, 2014 1:53 pm
(Joined: Thu Sep 03, 2009 3:08 am, Posts: 6465, Location: The Lab)
Wait, your network admins require that system and application owners actually know how their systems work before they allow access control changes?

Must be nice...

Around here we get requests like... "YOUR FIREWALL IS CAUSING THE BUSINESS TO FAIL - FIX IT NAO!!!"

Post subject: Re:
PostPosted: Wed May 28, 2014 2:09 pm
I got nothin. (Joined: Thu Sep 03, 2009 7:15 pm, Posts: 11160, Location: Arafys, AKA El Müso Guapo!)
Midgen wrote:
Wait, your network admins require that system and application owners actually know how their systems work before they allow access control changes?

Must be nice...

Around here we get requests like... "YOUR FIREWALL IS CAUSING THE BUSINESS TO FAIL - FIX IT NAO!!!"


Sounds like our customers. "Your service is terrible! It's garbled and staticky!"

Um... your circuit is a 56k dial-up running on an old 3Com ISA modem (exaggerating slightly). What part of "VOIP is only as good as your broadband connection" didn't you understand when you purchased it?

_________________
Holy shitsnacks!
Post subject: Re: LDAP question
PostPosted: Wed May 28, 2014 2:15 pm
God of the IRC (Joined: Wed Sep 02, 2009 7:35 pm, Posts: 3041, Location: The United States of DESU)
I don't know that my network admin requires that knowledge, but I feel it's the right thing to do. I mean, how am I supposed to support something if I don't know how it works?

On topic with the original problem, I had the network admin open port 389, and suddenly the firewall logs started getting bombarded with denied port 88 requests. Like 20 per second. I had to disable my software until he could open that port as well. Now everything is nice and quiet. From my server, at least.

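The triage the opening post describes (spotting a 5-minute retry pattern to port 389 in firewall deny logs) and the port 88 burst reported above are the kind of thing worth pulling out of a log mechanically before asking for a firewall change. The following is an added example, not code from the thread: it parses a constructed, syslog-like deny-log format (assumed here; real firewalls differ), groups attempts per source, destination and port, labels well-known Active Directory ports, and reports how often each flow recurs.

```python
"""Summarise denied outbound attempts to Active Directory ports from firewall log lines.
Constructed log format (assumed for this example, not any real firewall's):
'<MMM DD HH:MM:SS> <fw> DENY <TCP|UDP> <src-ip>:<sport> -> <dst-ip>:<dport>'."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Well-known AD service ports, used to label what a blocked flow was trying to reach.
AD_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC", 389: "LDAP", 445: "SMB",
            464: "kpasswd", 636: "LDAPS", 3268: "Global Catalog"}

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ DENY (?P<proto>TCP|UDP) "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample: a 5-minute LDAP retry pattern, a burst of Kerberos attempts, one junk line.
SAMPLE_LOG = [
    "May 28 09:50:02 fw1 DENY TCP 10.1.1.5:49201 -> 10.2.0.10:389",
    "May 28 09:55:02 fw1 DENY TCP 10.1.1.5:49233 -> 10.2.0.10:389",
    "May 28 10:00:03 fw1 DENY TCP 10.1.1.5:49260 -> 10.2.0.10:389",
    "May 28 10:05:02 fw1 DENY TCP 10.1.1.5:49301 -> 10.2.0.10:389",
    "May 28 10:05:02 fw1 DENY TCP 10.1.1.5:49302 -> 10.2.0.10:88",
    "May 28 10:05:02 fw1 DENY TCP 10.1.1.5:49303 -> 10.2.0.10:88",
    "May 28 10:05:03 fw1 DENY TCP 10.1.1.5:49304 -> 10.2.0.10:88",
    "garbage line that must be skipped",
]

def parse_line(line, year=2014):
    """Return (timestamp, proto, src, dst, dport), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["proto"], m["src"], m["dst"], int(m["dport"])

def summarise_denies(lines):
    """Group attempts per (src, dst, proto, dport): count, AD service label and the
    median gap in seconds between consecutive attempts (None for a single attempt)."""
    flows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, proto, src, dst, dport = rec
            flows[(src, dst, proto, dport)].append(ts)
    summary = {}
    for key, stamps in flows.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        summary[key] = {"count": len(stamps), "service": AD_PORTS.get(key[3], "other"),
                        "median_gap_s": median(gaps) if gaps else None}
    return summary
```

On the sample, the LDAP flow comes out as 4 attempts with a median gap of 300 s and the Kerberos flow as 3 attempts within a second, which is the distinction between a scheduled poll and a retry storm that the thread ran into after port 389 was opened.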
Post subject:
PostPosted: Wed May 28, 2014 5:56 pm
(Joined: Thu Sep 03, 2009 3:08 am, Posts: 6465, Location: The Lab)
MSDN wrote:
TCP and UDP 88:
User and Computer Authentication, Forest Level Trusts (Kerberos)
Post subject:
PostPosted: Sun Jun 08, 2014 10:26 pm
Lean, Mean, Googling Machine (Joined: Thu Sep 03, 2009 9:35 am, Posts: 2903, Location: Maze of twisty little passages, all alike)
Kerberos bites you, kerberos bites you. You die.

For future reference, I usually use tcpview from the sysinternals suite to debug this kind of thing because the Windows netstat command is bad and should feel bad.

Edit: also, Sysinternals is love. Sysinternals is life.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.