1

We have a server infrastructure which has hundreds of servers. All those servers are accessed through a key server. We have Centrify to manage authentication.

So what I tried is I used this bash command on our key server to list all users in the group:

adquery group GROUP_NAME -a

And I used this result in the following Python script to read the output and get it into a variable called users:

users = os.popen("adquery group GROUP_NAME -a").read()

The problem I have is that when the script is run two or three times it works fine, and then suddenly the command gives an empty output. When I try to run the same command at the Linux prompt it still fails. But after some time, when I try to run it again, it works. So far I haven't found a pattern in how this happens. But when this happens, anyone who has access to that server cannot get the results either, the same as me.

Note - Update. One more thing to add.

When I try to query other things like adquery user USERNAME -a

They still work. It gives the output with no issue. But the command I mentioned before still fails with no error and no output.

Can someone explain to me why this is happening?

Laksith
  • off the cuff... can you specify the AD server that you are querying? The domain controllers could be having replication issues. – Jonathon Anderson Oct 23 '17 at 20:25
  • It's a Windows 2000 Server. The server from which I'm querying is a SUSE Enterprise 11 server. We have Centrify to integrate both Windows and Linux platforms – Laksith Oct 26 '17 at 07:33

1 Answer

1

This sounds like a classic port exhaustion problem. You're running this command multiple times on an older OS which had fewer ports available (1024-5000).

On the Windows machine, run 'netstat -ano'. Look for connections to the same IP address with multiple ports; if lots of those are in "TIME_WAIT", it's another indication.

Also, use Task Manager to check for high memory utilization; this usually presents along with port exhaustion.

spacenomyous
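Added example (not part of the original answer): one way to run the netstat check described above is to save the 'netstat -ano' output to a file and summarize it, counting TIME_WAIT connections per remote address and how much of the 1024-5000 range is in use. The sample output, addresses, PIDs and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       452
  TCP    10.0.0.5:389           10.0.0.20:41022        TIME_WAIT       0
  TCP    10.0.0.5:389           10.0.0.20:41023        TIME_WAIT       0
  TCP    10.0.0.5:389           10.0.0.20:41024        TIME_WAIT       0
  TCP    10.0.0.5:1030          10.0.0.9:445           ESTABLISHED     4
  TCP    10.0.0.5:1031          10.0.0.9:445           TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Proto, local addr:port, foreign addr:port, state (UDP rows have no state).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)")

def summarize(netstat_text, low=1024, high=5000):
    """Summarize TCP states, TIME_WAIT per peer, and local ports used in [low, high]."""
    states = Counter()
    time_wait_by_peer = Counter()
    ephemeral_in_use = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines and UDP rows
        _local_ip, local_port, peer_ip, _peer_port, state = m.groups()
        states[state] += 1
        if state == "TIME_WAIT":
            time_wait_by_peer[peer_ip] += 1
        # Listening sockets are services, not consumed dynamic ports.
        if state != "LISTENING" and low <= int(local_port) <= high:
            ephemeral_in_use.add(int(local_port))
    return {
        "states": dict(states),
        "time_wait_by_peer": time_wait_by_peer.most_common(),
        "ephemeral_used": len(ephemeral_in_use),
        "ephemeral_total": high - low + 1,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["states"])
    for peer, count in report["time_wait_by_peer"]:
        print(f"{peer}: {count} connections in TIME_WAIT")
    print(f'{report["ephemeral_used"]}/{report["ephemeral_total"]} ports in range used')
```

A peer address with a large TIME_WAIT count, or an `ephemeral_used` figure close to `ephemeral_total`, matches the indication the answer describes.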