"Failure - Probe time out" When Configuring Citrix ADC LDAP Monitor for Service Group

"Failure - Probe time out" When Configuring Citrix ADC LDAP Monitor for Service Group

book

Article ID: CTX232063

calendar_today

Updated On:

Description

When configuring Citrix LDAP monitor for a Service Group in large Active Directory environment, it could fail with the following error:
Failure - Probe time out.

User-added image

User-added image

Resolution

It is a best practice to reduce the returned values to a small number. For Active Directory LDAP systems the filter can be set to cn=Builtin that returns minimal results.

To make this change using ADCGUI, go to Traffic Management > Load balancing > Monitors > edit the LDAP Monitor and add CN=Builtin as filter.

User-added image

To make this change using ADC CLI:

add lb monitor MonitorName -scriptName nsldap.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -password password -encrypted -encryptmethod ENCMTHD_3 -LRTM ENABLED -baseDN "DC=dom,DC=com" -bindDN "CN=UserName,OU=CustomOU,DC=com,DC=com" -filter CN=Builtin

Problem Cause

An LDAP monitor probe is defined and is timing out with the normal parameters. No filter is defined to reduce the result. Filtering result reduces the amount of information returned by the request.

Issue/Introduction

When configuring NetScaler LDAP Monitor for a Service Group in large Active Directory environment, it could fail with the following error: Failure - Probe time out.

Additional Information

CTX114335 - How to Configure an LDAP Monitor on NetScaler
Citrix Blog - Monitoring secure LDAP using Citrix NetScaler

Powered by Wolken Software