--On Friday, March 19, 2021 1:39 PM +0000 "Ballem, Narayanan" Narayanan.Ballem@Staples.com wrote:
Hi,
Thanks for your time and response. Looks like I missed this email.
I don't see an issue with AD here. Let me explain a bit more.
We have 2 (1 master, 1 slave) servers in each site, and those are under an F5 LB with TCP enabled.
Under the F5 setup, primary site servers take a load of around 3K LDAP clients; secondary site servers take around 50K LDAP clients.
The problem I am seeing is with the primary site servers. When we test directly, bypassing the F5 layer, with 5-10 clients, it works as expected, with no issue with GID name fetching. However, when we enabled the servers under F5 with all the clients, we are seeing the GID fetching issue. And we have not offloaded any cert in F5, it is just TCP, so no issue with F5 here. Similarly, secondary site servers are working fine with F5 or directly without any issue, and backend AD syncing is working fine in both sites.
Both sites' configurations are intact, except the systems are in different locations.
The only difference I see is that the number of clients is high in the primary site, and there are no errors in the LDAP server logs. I am not sure whether my LDAP servers are not able to take more than 100 clients. I am guessing some tuning might be required.
Are you sure the F5 isn't silently closing connections? This is a common problem with F5's.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org