12-10-2013 03:53 AM - edited 03-18-2019 02:16 AM
Hi all,
may someone have some experience for the following issue:
In the TMS CCC start - java begins to run and would like authorize the user via kerberos / DC. Via SRV/DNS java is asking for the DC´s from the domain.
Now, if java ask for the dc´s > thers is given back a bunch of DC´s and 2 RODC´s. TMS (Java) can only communicate to the RODC. But reality is, that java tries to connect to each DC (not reachable) and then to the RODC. This takes sometimes up to 10 mins :-(.
Zoning in AD is checked and correct, ther are no other problems with the TMS server.
Is there a way to force java only to use the RODC´s ?
Many Thanks for some ideas....
/dirk
Solved! Go to Solution.
12-11-2013 11:04 AM
Where is the limitation coming from that TMS can only communicate to the RODC, by firewall/policy or by
TMS/Java?
Can you fix it via DNS so you just return the RODCs, shouldnt that fix your issue?
If its the firewall not sure if a icmp unreachable instead of dropping the packet would help as well.
If its Java, maybe a Java forum might be worth checking.
If you dont get a better answer here and you think its TMS consider to open a TAC case.
Please keep us updated on how you fixed it.
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
12-11-2013 11:04 AM
Where is the limitation coming from that TMS can only communicate to the RODC, by firewall/policy or by
TMS/Java?
Can you fix it via DNS so you just return the RODCs, shouldnt that fix your issue?
If its the firewall not sure if a icmp unreachable instead of dropping the packet would help as well.
If its Java, maybe a Java forum might be worth checking.
If you dont get a better answer here and you think its TMS consider to open a TAC case.
Please keep us updated on how you fixed it.
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
12-12-2013 01:31 PM
Hi Martin,
hmmm... i know - its more a design Problem from the customer Network.
But rejecting the DC´s in the firewall could be a good idea instead of drop the packets.
Will try it !
Many Thanks for the Tip !
/dirk
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: