How to monitor if LDAP queries are failing or slow thus affecting performance


  • Hi all,

    I have a situation where we have a new webapp running on one server that uses LDAP to authenticate users via one of our domain controllers (DC). Users have experienced errors from the app which I am trapping and there are about 25 errors a day. The developer of the app says that these are authentication errors (I am not convinced that they are all authentication errors but cannot fully read the Java dump output from the web server so I have to go with what he is saying).

    If the users retry the query (a refresh) two or three times, it eventually succeeds so he says that the domain controller must be busy or something.

    Is there any way for me to capture if LDAP queries are failing and/or if they are taking a long time to return the response to the original server? I have a timestamp in my error log for when the application throws an error to the user and if I could compare that to a timestamp in an LDAP log, then maybe I can tell if the error logged relates to a failed LDAP query at the same time.

    Is there a Windows tool or add-on tool that would capture the LDAP failures to a log file? I would prefer that this sit on the web server so that I am only capturing LDAP queries from this one server to the DC (or maybe the tool will only filter LDAP queries coming from one server).



    Thursday, February 16, 2017 7:02 PM


  • Hi

    Check these:

    How To Monitor LDAP, Kerberos and NTLM Traffic To Your Domain Controllers

    DC fails logons or experiences LDAP timeouts

    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Thursday, February 16, 2017 7:19 PM
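The timestamp comparison described in the question can be automated once both logs exist. The following is an added example, not part of the original thread: it assumes a hypothetical LDAP timing log written on the web server (one line per operation: start time, result, duration in ms) and an application error log with a leading timestamp, both from the same clock. All sample lines are constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data; both log formats are assumptions for illustration.
APP_ERRORS = """\
2017-02-16 09:14:07 ERROR login failed for request 1
2017-02-16 11:32:45 ERROR login failed for request 2
2017-02-16 14:05:19 ERROR login failed for request 3
"""
# start time, result, duration in milliseconds
LDAP_LOG = """\
2017-02-16 09:14:03,OK,4210
2017-02-16 09:20:00,OK,35
2017-02-16 11:32:30,FAIL,15003
2017-02-16 14:00:00,OK,28
2017-02-16 14:10:00,OK,31
"""

def parse_errors(text):
    """Return the timestamp of every application error line."""
    return [datetime.strptime(l[:19], FMT) for l in text.splitlines() if l.strip()]

def parse_ldap(text):
    """Return (start, result, duration_ms) for every LDAP operation line."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, result, ms = line.strip().split(",")
            rows.append((datetime.strptime(ts, FMT), result, int(ms)))
    return rows

def correlate(errors, ldap, slack_s=2, slow_ms=2000):
    """Map each app error to the failed or slow LDAP operations that were
    in flight (start .. start + duration, plus slack) when it was logged."""
    slack = timedelta(seconds=slack_s)
    out = {}
    for err in errors:
        out[err.strftime(FMT)] = [
            (res, ms) for start, res, ms in ldap
            if (res != "OK" or ms >= slow_ms)
            and start - slack <= err <= start + timedelta(milliseconds=ms) + slack
        ]
    return out

def summary():
    return correlate(parse_errors(APP_ERRORS), parse_ldap(LDAP_LOG))

if __name__ == "__main__":
    for ts, hits in summary().items():
        print(ts, "->", hits or "no failed or slow LDAP operation nearby")
```

An error with an empty match list is a candidate for a cause other than LDAP, which is the distinction the question is trying to draw.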
