LDAP Responding on TCP but not UDP - Win 2008

Hi All,

I've a Windows 2008 domain controller. Using portqry to test LDAP
connectivity it responds to TCP but not UDP.


C:\PortQryV2>portqry -n dc1 -p udp -e 389
Querying target system called:
dc1
Attempting to resolve name to IP address...

Name resolved to 10.0.0.17
querying...
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query

There is nothing but a switch between me and the DC, no firewalls (hardware
or software).

Has anyone got any idea what the problem is here?

Thanks,

Tim

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take into
account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests without
having to learn all the switch options. The details will be output in
notepad text files that pop up automagically.

The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Tim Boothby" <Tim Boothby@discussions.microsoft.com> wrote in message
news:DDC99F6A-4E61-4E7E-8CC6-52459468DDF8@microsoft.com...
> Hi All,
>
> I've a Windows 2008 domain controller. Using portqry to test LDAP
> connectivity it responds to TCP but not UDP.
>
>
> C:\PortQryV2>portqry -n dc1 -p udp -e 389
> Querying target system called:
> dc1
> Attempting to resolve name to IP address...
>
> Name resolved to 10.0.0.17
> querying...
> UDP port 389 (unknown service): LISTENING or FILTERED
> Using ephemeral source port
> Sending LDAP query to UDP port 389...
> LDAP query to port 389 failed
> Server did not respond to LDAP query
>
> There is nothing but a switch between me and the DC, no firewalls
> (hardware
> or software).
>
> Has anyone got any idea what the problem is here?
>
> Thanks,
>
> Tim
>

[spencerm]

I get the same error on all of the 2008 domain controllers I have tested. If you restarted ADDS and retest UDP 389 will respond back. I have goofed around with uninstalling updated/turning off windows firewall/etd and no luck. I enabled auditpol to grab extra logging and enabled NTDS logging but haven't come across anything that helps.