LDAP Timeout Issues With Active Directory Import

mfeinman · ‎Aug 03, 2022

Hi all ...

I'm seeing the following intermittent error in the AD Import (the actual DN is redacted):

2022-08-03 09:40:56,784 [rt.DomainDetailsImport] [INFO ] Importing organizational units, users and computers.

2022-08-03 09:42:46,894 [oryImport.LdapSearcher] [ERROR] Failed to search DN OU=myOU,DC=dc1,DC=dc2,DC=com, filter: ( &(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)) )
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Flexera.Directory.ActiveDirectoryImport.LdapSearcher.<>c__DisplayClass11.<SendRequest>b__10()
at Flexera.Directory.ActiveDirectoryImport.LdapSearcher.Retry(Action act, String errMsgFormat, Object[] args)
2022-08-03 09:42:46,899 [irectoryImportLauncher] [ERROR] Error occurred.
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Flexera.Directory.ActiveDirectoryImport.LdapSearcher.<>c__DisplayClass11.<SendRequest>b__10()
at Flexera.Directory.ActiveDirectoryImport.LdapSearcher.Retry(Action act, String errMsgFormat, Object[] args)
at Flexera.Directory.ActiveDirectoryImport.LdapSearcher.SendRequest(SearchRequest req, TimeSpan timeout)
at Flexera.Directory.ActiveDirectoryImport.LdapSearcher.<Search>d__2.MoveNext()
at Flexera.Directory.ActiveDirectoryImport.DomainDetailsImport.ImportUsers(OrganizationalUnit p_OrganizationalUnit, IXmlWriterHelper p_XmlWriterHelper)
at Flexera.Directory.ActiveDirectoryImport.DomainDetailsImport.ImportOrganizationalUnits(String p_DefaultNamingContext, IXmlWriterHelper p_XmlWriterHelper)
at Flexera.Directory.ActiveDirectoryImport.DomainDetailsImport.Execute(IXmlWriterHelper p_XmlWriterHelper)
at Flexera.Directory.ActiveDirectoryImport.ActiveDirectoryImportLauncher.Execute()

Is there a client timeout setting I can adjust to compensate for this error? Or is this an AD setting I need to get adjusted?

I'm running FNMS 2019 R1.

--Mark

kclausen · ‎Aug 03, 2022

@mfeinman - Is the domain you are trying to connect different than the domain that the beacon server is registered to?

If that is the scenario, then you likely have a network connectivity issue to deal with across domains/subnets, or you have a cross domain trust issue between the target domain and the beacon domain.

mfeinman · ‎Aug 04, 2022

Hi @kclausen ...

Is the domain you are trying to connect different than the domain that the beacon server is registered to?

No, it's the default AD Import job for "current domain". And the issue is intermittent - most of the time the AD Import works; once in a while, this error occurs.

--Mark

milindteli · ‎Aug 04, 2022

Try once below on the beacon where AD import is configured.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Managesoft Corp\Managesoft\ActiveDirectoryImporter\CurrentVersion RequestTimeout=300

mfeinman · ‎Aug 04, 2022

Ahhh, very good and thanks. Didn't know this already existed as a registry entry.

Doc link: ActiveDirectoryImport timer setting - Community (flexera.com)

I will definitely give this a try.

--Mark

LDAP Timeout Issues With Active Directory Import

Installation & Configuration