Hello everyone, this is Tagore Nadh, a Sr. Technical Advisor on the Directory Services support team in Microsoft.   In this article, I will explain why scoping is important with a couple of good examples.

Generic Scoping Questions:

• What is your objective and the reason behind it?
• Can you provide a detailed description of the issue?
• What works and what does not?
• When does it occur and when does it not?
• Where is the issue observed and where is it not?
• What is the extent of the issue?
• Can you share details of the environment where the issue is occurring?
• What error message is displayed?
• How do you quantify the problem?
• How are you notified of the problem?
• What troubleshooting steps have you already undertaken?
• What is the business impact of this issue?
• Can you clarify what you aim to achieve by resolving this issue?

Next, Microsoft support engineer scopes the issue down to the specific component(s) causing the problem.

Scoping Example 1: 

What is your objective and the reason behind it?

End users reported an incident in Bangalore location where they are unable to login using domain’s credentials into their client machines.

Can you provide a detailed description of the issue?

All users at the Bangalore site are unable to log in to their client computers using their domain credentials.

How long has the issue been occurring?

Since Sunday

What has changed?

Network hardware switch upgrade during the weekend

How frequently does the issue occur?

Consistent issue, users are unable to log in to their client machines using domain credentials.

What works and what does not?

Users are unable to log in to their domain from their client machines at the Bangalore site / They can log in using local admin credentials.

When does it occur and when does it not?

Since Sunday / Until Saturday, all users were able to log in to their client machines using domain credentials.

Where is the issue observed and where is it not?

Bangalore, India / All other sites aren’t impacted.

What is the extent of the issue?

All users in Bangalore, about 300, are impacted out of 10,000 users in the entire company.

Can you share details of the environment where the issue is occurring?

Production environment

• 1 forest / 1 domain – Contoso.com
• 10 AD Sites
• Affected site name is Bangalore
• Client OS: Windows 10 23H2 and Windows 11 23H2
• How many domain controllers exist in that site? 4 Windows 2019 Operating System
• Names of DCs: DC1, DC2, DC3 and DC4 with <IP address details here>
• Is DNS Microsoft AD integrated or third party? Microsoft AD Integrated
• Are clients pointing to the same site domain controllers for DNS? Yes, DC1 is Primary and DC2 alternate DNS.
• Do they use DHCP? Yes

What error message is displayed?

No logon servers are available to service the request

How do you quantify the problem?

300 users are impacted.

How are you notified of the problem?

End users at the Bangalore site reported the issue.

What troubleshooting steps have you already undertaken?

• Tried to login to client machine locally – works
• Attempted to ping the domain name – doesn’t work, gets request timed out.
• Does pinging domain controller ip address work? – yes
• Does accessing resources using ip work? no, prompts for credentials

What is the business impact of this issue?

• The issue is in the production environment.
• 300 users are unable to work.
• As it is the month-end, loan requests can’t be completed in time, and other regular bank financial operations are impacted.
• This could result in a $1 million business loss if requests are not processed in time.

Can you clarify what you aim to achieve by resolving this issue?

To address user logon issues using domain credentials on workstations at the Bangalore site.

Resolution: These scoping answers helped a Microsoft support engineer quickly focus on domain controllers.   It was found that the E drive, where active directory database file (NTDS.DIT) resides over a network fiber channel in a different network segment via an upgraded Network hardware device.  A quick reboot of the domain controllers re-established connectivity to the network drives hosting active directory database file, resolving the issue.

Note: It is important to follow the same approach when dealing with multiple sub-problems of a main issue. The cause for each issue may differ.

Scoping Example 2:

What is your objective and the reason behind it?

Working on a development server deployment, mitigating security vulnerabilities reported on existing and new servers as per Qualys scans. The project deadlines are close by, with just a week away.

Can you provide a detailed description of the issue?

Below SSL/TLS vulnerabilities are detected as per Qualys Scan on multiple newly installed and existing servers.

• SSL Certificate Cannot Be Trusted
• SSL Certificate Expiry
• SSL Certificate Signed Using Weak Hashing Algorithm
• SSL Certificate with Wrong Hostname
• SSL Medium Strength Cipher Suites Supported (SWEET32)

How long have these vulnerabilities existed?

Vulnerabilities exist on 10 existing servers for the last 8 months and on new servers for a week. 

How frequently does Qualys scan happen?

The scan is run once a month

Can you share details of the environment where the issue is occurring?

• Development of non-prod environment
• 1 forest / 1 domain – Contoso.com
• Number of impacted servers: 25
• In-house or third-party applications running: Yes, several

What error message is displayed?

No error message

How do you quantify the problem?

25 servers are affected

How are you notified of the problem?

The security team suggested addressing vulnerabilities based on priority.

Qualys scan detected vulnerabilities.

What steps have you already undertaken and what help is needed?

Mitigation plans exist in the Qualys scan report. Need some advice from Microsoft on recommendations on how to implement?

What is the business impact due to this?

The security team reported non-compliance issues. If not addressed within a week, it could cause auto shutdown of these servers. This would impact developers, preventing them from testing their applications and thus delaying project timelines.

Can you clarify what you aim to achieve by resolving this issue?

What is the best way or approach to address reported vulnerabilities

Recommendation: On new servers, proceed to apply the suggested mitigation plans by Qualys. It isn’t simple to follow the same mitigations on old servers with in-house/third-party applications running without validating the compatibility of each mitigation plan. A phased approach is needed: apply one mitigation at a time and test to avoid any unexpected behaviors. Apply the same approach to one server at a time as they all host distinct applications with different configurations. 

 Note: It is important to follow the same approach when dealing with multiple sub-tasks of a main goal. The goal of each task may differ.

Conclusion: Scoping an issue is a fundamental step in problem-solving that ensures a thorough understanding and effective resolution. By systematically gathering detailed information and focusing on the core aspects of the problem, you can prioritize and address issues more efficiently. This approach not only helps in resolving the current problem but also prevents future occurrences, ultimately leading to a more stable and reliable environment for all CSS customers.

​Microsoft Tech Community – Latest Blogs –Read More