re: RPC Endpoint Mapper in a network trace

Kerry — Fri, 19 Jun 2009 11:52:37 GMT

We are seeing a strange issue with or DB2 clients (XP) joined to the domain. Once joined to the domain the application authetication windows takes 40 seconda to pop up as againt 2 sec when it was in a workgroup. From the frames, it looks like for some reason when the application is clicked, the clients trying to get the Auth Window from the AD DC (see GENA (5000) frames instead of DB2 Server...which i think is adding the delay. Can you assist as to how i can mitigate this delay? (DB 2 Server is running on AIX Machine and is configured to listed on port 50000...its a direct IP connection i.e. no name resolution issues)

I have attached the capture file for your info. Any help would be much appreciated.

First time 3-way Handshake

8 0.000000 {TCP:6, IPv4:5} DB2 Client AD DC TCP TCP:Flags=......S., SrcPort=1074, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=2880073679, Ack=0, Win=65535 ( ) = 65535

9 0.000000 {TCP:6, IPv4:5} AD DC DB2 Client TCP TCP:Flags=...A..S., SrcPort=DCE endpoint resolution(135), DstPort=1074, PayloadLen=0, Seq=2774228518, Ack=2880073680, Win=16384 ( Scale factor not supported ) = 16384

10 0.000000 {TCP:6, IPv4:5} DB2 Client AD DC TCP TCP:Flags=...A...., SrcPort=1074, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=2880073680, Ack=2774228519, Win=65535 (scale factor 0x0) = 65535

RPC Bind to the Endpoint Mapper

11 0.000000 {MSRPC:7, TCP:6, IPv4:5} DB2 Client AD DC MSRPC MSRPC:c/o Bind: UUID{E1AF8308-5D1F-11C9-91A4-08002B14A0FA} EPT Call=0xD Assoc Grp=0x0 Xmit=0x16D0 Recv=0x16D0

12 0.000000 {MSRPC:7, TCP:6, IPv4:5} AD DC DB2 Client MSRPC MSRPC:c/o Bind Ack: Call=0xD Assoc Grp=0x2481B8 Xmit=0x16D0 Recv=0x16D0

End point Map Request to the Application

13 0.000000 {MSRPC:7, TCP:6, IPv4:5} DB2 Client AD DC EPM EPM:Request: ept_map:

14 0.000000 {MSRPC:7, TCP:6, IPv4:5} AD DC DB2 Client EPM EPM:Response: ept_map:

Second time 3-way Handshake

15 0.000000 {TCP:8, IPv4:5} DB2 Client AD DC TCP TCP:Flags=......S., SrcPort=1075, DstPort=GENA(5000), PayloadLen=0, Seq=3342506103, Ack=0, Win=65535 ( ) = 65535

16 0.000000 {TCP:8, IPv4:5} AD DC DB2 Client TCP TCP:Flags=...A..S., SrcPort=GENA(5000), DstPort=1075, PayloadLen=0, Seq=1515412576, Ack=3342506104, Win=16384 ( Scale factor not supported ) = 16384

17 0.000000 {TCP:8, IPv4:5} DB2 Client AD DC TCP TCP:Flags=...A...., SrcPort=1075, DstPort=GENA(5000), PayloadLen=0, Seq=3342506104, Ack=1515412577, Win=65535 (scale factor 0x0) = 65535

RPC Bind to the Endpoint Mapper

18 0.000000 {MSRPC:9, TCP:8, IPv4:5} DB2 Client AD DC MSRPC MSRPC:c/o Bind: UUID{12345778-1234-ABCD-EF00-0123456789AB} LSARpc Call=0xD Assoc Grp=0x0 Xmit=0x16D0 Recv=0x16D0

19 0.000000 {MSRPC:9, TCP:8, IPv4:5} AD DC DB2 Client MSRPC MSRPC:c/o Bind Ack: Call=0xD Assoc Grp=0x363A17 Xmit=0x16D0 Recv=0x16D0

End point Map Request to the Application

20 0.000000 {MSRPC:9, TCP:8, IPv4:5} DB2 Client AD DC LSAT LSAT:LsarLookupNames4 Request, *Encrypted*

21 0.000000 {MSRPC:9, TCP:8, IPv4:5} AD DC DC DB Client LSAT LSAT:LsarLookupNames4 Response, *Encrypted*

After these frames only i see that the DB Client connecting to DB Server

22 0.000000 Admin.exe {TCP:11, IPv4:10} DB2 Client DB2 Server TCP TCP:Flags=......S., SrcPort=1076, DstPort=50000, PayloadLen=0, Seq=2538123636, Ack=0, Win=65535 ( Negotiating scale factor 0x1 ) = 65535

BlogMS Weekly Articles Published – 2nd February to 8th February

BlogMS - Official Microsoft Team Blogs — Mon, 09 Feb 2009 21:19:25 GMT

214 Microsoft Team blogs searched, 93 blogs have new articles in the past 7 days. 212 new articles found

Active Directory and Firewalls « IT notes

Active Directory and Firewalls « IT notes — Thu, 05 Feb 2009 00:36:55 GMT

PingBack from http://virdep.wordpress.com/2009/02/04/active-directory-and-firewalls/