Posted by Will on March 29, 2008, 9:45 pm
I have a very strange situation here with a new DHCP Server that I cannot
make sense of and I need help to determine if I have a problem or I am
misunderstanding a protocol "feature". The domain controller and the DHCP
Server both run Windows 2003 Server. The DHCP Server has been authorized to
serve the domain and has been added to the DNS proxy updates group in Active
Directory, so that it can automatically maintain DNS entries for IPs that it
assigns to clients.
The DHCP Server - once each hour - is connecting to the domain controller on
the LDAP port. Conversation goes back and forth normally for about 20
seconds. Then we get a sequence something like the following:
1) Client does a "bindRequest (260) sasl" and gets back bindResponse (260).
2) Client sends out a sequence of "LDAP GSS-API Encrypted payload" packets
of various sizes.
3) Server sends back an Ack.
4) Several seconds go by, and the client spontaneously CHANGES ITS SOURCE
PORT.
5) Now Client sends more "LDAP GSS-API Encrypted payload" packets of various
sizes, but the firewall is blocking all of them because (obviously) it doesn't
like the source port being wrong for the established TCP connection.
Can someone speculate what the heck is going on here?
--
Will