6498166 wrote:

> Hi, I've a strange problem on NAM 3.1.4
> I've 2 User Store defined, 1 edir and 1 Active Directory.
> In Active Directory User Store there're 5 DC defined. 4 of this have
> now problem because there're some WinClient that try to authenticate
> many times (about a virus) and the DC not respond correctly. The
> problem is that I can't access the User Store configuration (from che
> Admin Console) and the IDS are not starting correctly.
> The IDS stayed in pending state and on catalina.out there're many
> lines like this:
> <amLogEntry> 2012-06-04T20:09:07Z WARNING NIDS Application: Exception:
> NIDPLOGGING.300101037 </amLogEntry>
> Do you know how can I solve the problem? Is there a way to modify the
> AD configuration and remove the DC servers?
> Why NAM don't have a connection time out about LDAP connection failed
> and permit to access the User Store configuration?

We've had a similar issue but with eDirectory. We run a active/passive
setup where some edirectory instances are 'down' and accessing the user
store tab would take for ever. It is actually a pretty simple solution
to get around.

from the console (or ssh) execute:

echo "1" > /proc/sys/net/ipv4/tcp_syn_retries

The iManager plugin validates the servers and see if they are reachable
and if the credentials are valid. I believe it does it sequentially. So
if you have 4 DC's that can't be contacted it can take for quite some
time. So see if the above speeds things up....