
Problems with Active Directory / GPO / DNS

Hi!

We are currently trying to integrate a SG 125 into our corporate network.

I followed the DNS best practice and it seems like everything is working. 

The internal hostnames are resolved as well as external hostnames when I use Support -> Tools -> DNS

Now the problem we have is that group policies don't apply at all. When I try to run gpupdate /force on a client computer it always fails, saying there might be a problem with name resolution or the Active Directory replication time.

Running dcdiag /test:dns doesn't give any errors.


I'm really lost right now.

Our DC has the IP of 192.168.64.24, UTM 192.168.64.1

How would I be able to tell that the UTM settings are good?

When I run nslookup, it resolves to utm.ourdomain.local and also to the IP 192.168.64.1.

Am I right thinking it would have to resolve to 192.168.64.24 (our DC)?


Hopefully someone can help me fix this issue. If more information is needed I will of course supply it.


Thanks in advance! 



  • Hi, Paul, and welcome to the UTM Community!

    Did you follow my post, DNS best practice, or did you follow the KnowledgeBase article of the same name?  If the latter, please say how your configuration differs from the approach I documented.  Does the host name of your UTM follow The Zeroeth Rule in Rulz?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for your reply!

    I did follow your Best DNS practice and (I guess) managed to set it up the way it is supposed to.

    If I run nslookup <domain_name> or just nslookup in general it will point to our DC.

    The IP settings confuse me a bit. On the DC the IPs are:

    IPv4-Address: 192.168.64.24

    DHCP: No

    Default gateway: 192.168.64.1 (UTM)

    DNS: 192.168.64.24 & 192.168.64.1


    On one of the clients:

    IPv4-Address: 192.168.64.106

    DHCP: No

    Default gateway: 192.168.64.1 (UTM)

    DNS: 192.168.64.24 & 192.168.64.1


    Is this right?


    Now the Zeroeth Rule - I did use a unique FQDN (utm.pp24.local). 

    I don't understand the "Start with a hostname that is a unique (not used for anything else) FQDN resolvable in public DNS to your public IP" part.

    Would a .local IP be exposed to external networks?

    Do I need to open ports on the firewall or set up NAT rules in order to get Active Directory / GPO working?


    Thing is, our server was set up by some company which just didn't finish the setup completely.

    As in, we had the DC and some other servers set up but no PCs have yet joined the domain.

    I'm currently using a single PC which joined the domain; all others are routed directly to the UTM.

    So I thought I'd try and get everything right with one PC and then let the others join the domain.


    If you need any more logs or anything please let me know.

    Spent another day at the office today and couldn't get it working.

    Cheers Paul
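A diagnostic that answers the question above ("Is this right?"), added here as an example and not part of the thread or of Sophos' documentation. It assumes the domain name pp24.local, the DC at 192.168.64.24 and the UTM at 192.168.64.1 exactly as posted; adjust them for another network. A domain member picks a DC through the SRV records under _msdcs.<domain>, and it may send that query to either DNS server in its list, so both servers must return the DC. If one of them answers differently (or not at all), the client will sometimes pick the wrong server and gpupdate fails with the name-resolution error quoted in the first post. The script queries both servers, asks the Netlogon locator which DC the client actually chose, and checks the TCP ports that Group Policy needs on the DC. Run it on the domain-joined client in an elevated PowerShell window.

```powershell
# Added example; assumptions: domain pp24.local, DC 192.168.64.24, UTM 192.168.64.1 (values from the thread).
$Domain  = 'pp24.local'
$DcIp    = '192.168.64.24'
$Servers = @('192.168.64.24', '192.168.64.1')   # the two DNS servers configured on the client

# Each of these must resolve to the DC on every DNS server the client uses.
$Queries = @(
    @{ Name = $Domain;                            Type = 'A'   },
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain";     Type = 'SRV' },
    @{ Name = "_kerberos._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
)

"--- DNS answers per server (expect the DC in every row) ---"
foreach ($srv in $Servers) {
    foreach ($q in $Queries) {
        try {
            # -DnsOnly bypasses the hosts file and the local cache so we see what the server itself returns
            $ans = Resolve-DnsName -Name $q.Name -Type $q.Type -Server $srv -DnsOnly -ErrorAction Stop
            if ($q.Type -eq 'SRV') {
                $value = ($ans | Where-Object Type -eq 'SRV' |
                          ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            } else {
                $value = ($ans | Where-Object Type -eq 'A' | ForEach-Object IPAddress) -join ', '
            }
            "{0,-15} {1,-45} {2}" -f $srv, $q.Name, $value
        } catch {
            "{0,-15} {1,-45} FAILED: {2}" -f $srv, $q.Name, $_.Exception.Message
        }
    }
}

"--- DC chosen by the Netlogon locator ---"
nltest /dsgetdc:$Domain

"--- Ports Group Policy needs on the DC (DNS, Kerberos, RPC, LDAP, SMB/SYSVOL) ---"
foreach ($port in 53, 88, 135, 389, 445) {
    $ok = (Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    "TCP {0,-4} to {1}: {2}" -f $port, $DcIp, $(if ($ok) { 'open' } else { 'BLOCKED' })
}
```

Read the first table row by row: a row for 192.168.64.1 that fails or returns something other than the DC means the UTM is not handing the pp24.local zone to the DC, and the client will intermittently use that answer. Since the client and DC sit on the same subnet as the UTM, the port checks should all be open without any firewall or NAT rule on the UTM; a BLOCKED line there points at the DC's own host firewall rather than at the UTM.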

  • Just had the idea, is there a way to completely disable all protection settings and whatnot on the UTM for a minute?

    I'd just try to update the GPO and if it doesn't work I know it's not related to the UTM and can continue searching for a solution for my Active Directory problems.
