ECS: Intermittent login failures of domain users due to AD or LDAP timeout value exceeded

Summary: This article explains why there are intermittent login failures of domain users due to AD or LDAP timeout value exceeded.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) search base is too large. The ECS LDAP timeout value is exceeded. This results in an intermittent login failure of domain users
 

Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) search base is too large. The ECS LDAP timeout value is exceeded. This results in an intermittent login failure of domain users.
 

Cause

The current AD or LDAP search base has to find the user within numerous folders on the AD or LDAP Server and does not succeed within ECS LDAP timeout period of 1000 milliseconds.

Typically, in this situation, the search base is assigned to the root location of the AD server.

Resolution

Troubleshooting

  1. Change the search base temporarily to the direct location of a test user who is affected by the intermittent login failure.
  2. Log in as that user multiple times to confirm successful logins.
  3. If the user is now constantly logging in successfully, then the search base size exceeds the default LDAP timeout issue of 1000 milliseconds.

 

Resolution

  • Option 1
Change the search base beyond the AD server root location to a more specific location in order to not exceed the LDAP timeout value of 1000 milliseconds.
  • Option 2
If the user is unable to limit the size of the search base, the search base must be set at the root location of the AD server. Open a Service Request (SR) and quote this article for Dell support to review the LDAP timeout configuration value. It is a requirement that ECS is on a minimum code level of 3.4.0.1 before the LDAP timeout change is implemented on all VDCs in the federation.

Additional Information

Whenever there is an ECS software update, the LDAP timeout value changes to the default 1000 milliseconds. Ensure to check and change to the configured value after the upgrade.

Affected Products

ECS Appliance

Products

ECS
Article Properties
Article Number: 000058587
Article Type: Solution
Last Modified: 04 Nov 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.