Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000058587

ECS: Intermittent login failures of domain users due to AD or LDAP timeout value exceeded

Summary: This article explains why there are intermittent login failures of domain users due to AD or LDAP timeout value exceeded.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) search base is too large. The ECS LDAP timeout value is exceeded. This results in an intermittent login failure of domain users.
 
kA23a000000GIvKCAW_3_0
 

Cause

The current AD or LDAP search base has to find the user within numerous folders on the AD or LDAP Server and does not succeed within ECS LDAP timeout period of 1000 milliseconds.

Typically, in this situation, the search base is assigned to the root location of the AD server.

Resolution

Troubleshooting

  1. Change the search base temporarily to the direct location of a test user who is affected by the intermittent login failure.
  2. Log in as that user multiple times to confirm successful logins.
  3. If the user is now constantly logging in successfully, then the search base size exceeds the default LDAP timeout issue of 1000 milliseconds.

 

Resolution

  • Option 1
Change the search base beyond the AD server root location to a more specific location in order to not exceed the LDAP timeout value of 1000 milliseconds.
  • Option 2
If the user is unable to limit the size of the search base, the search base must be set at the root location of the AD server. Open a Service Request (SR) and quote this article for Dell EMC ECS support to review the LDAP timeout configuration value. It is a requirement that ECS is on a minimum code level of 3.4.0.1 before the LDAP timeout change is implemented on all VDCs in the federation.

Additional Information

Whenever there is an ECS software upgrade, the LDAP timeout value changes to the default 1000 milliseconds. Ensure to check and change to the configured value after the upgrade.

Article Properties

Affected Product

ECS Appliance

Product

ECS

Last Published Date

22 Sep 2021

Version

3

Article Type

Solution

Back to Top