[cifs-protocol] 115051312732870 detecting failed DCs in the KCC (MS-ADTS 6.2.2.3.4.4)

Sreekanth Nadendla srenaden at microsoft.com
Wed May 13 17:23:44 MDT 2015 

Dochelp in Bcc
Casemail in Cc

Hello Douglas,
                         Thank you for your inquiry about MS-ADTS specification. We have created incident 115051312732870 to track the investigation for this issue. One of the Open specifications team member will contact you shortly.


Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Douglas Bagnall [mailto:douglas.bagnall at catalyst.net.nz] 
Sent: Wednesday, May 13, 2015 6:44 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: detecting failed DCs in the KCC (MS-ADTS 6.2.2.3.4.4)


MS-ADTS 6.2.2.3.4.4 (v20140502, page 569) defines BridgeheadDCFailed
thus:

    /***** BridgeheadDCFailed *****/
    /* Determine whether a given DC is known to be in a failed state.
     * IN: objectGUID - objectGUID of the DC's nTDSDSA object.
     * IN: detectFailedDCs - TRUE if and only failed DC detection is
     *     enabled.
     * RETURNS: TRUE if and only if the DC should be considered to be in a
     *          failed state.
     */
    BridgeheadDCFailed(IN GUID objectGUID, IN bool detectFailedDCs) : bool
    {
        IF bit NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED is set in
        the options attribute of the site settings object for the local
        DC's site
            RETURN FALSE
        ELSEIF a tuple z exists in the kCCFailedLinks or
        kCCFailedConnections variables such that z.UUIDDsa =
        objectGUID, z.FailureCount > 1, and the current time -
        z.TimeFirstFailure > 2 hours
            RETURN TRUE
        ELSE
            RETURN detectFailedDCs
        ENDIF

The way the detectFailedDCs parameter is used in the pseudo-code seems at odds with its description in the comments (which is consistent with comments elsewhere in the stack). The pseudo-code is using detectFailedDCs as a default value in the case a failure is not detected, not as a switch turning detection on or off. As written, you can only actually detect a failed DC if detectFailedDCs is *false* -- when it is true, the return value merely reflects the NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED bit.

Shouldn't it look more like this:

        IF detectFailedDCs is FALSE or
           bit NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED is set [...]
            RETURN FALSE
        ELSEIF a tuple z exists [...]
            RETURN TRUE
        ELSE
            RETURN FALSE
        ENDIF


or is it the comments that need fixing?

cheers,
Douglas Bagnall

More information about the cifs-protocol mailing list