This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DSN (I think) issues

Hello

Can someone point me in the rigth direction?
AD, DNS, DHCP servers is on separate network.
Created a new network for client computers. To start with, mada a allow all services rule between these networks.

Clients on the new network doesn't seem to connect to DNS server during boot/initial logon.
Getting different DNS related errors in event log, for expample:

Name resolution for the name _ldap._tcp.abc._sites.dc._msdcs.acbdomain.net. timed out after none of the configured DNS servers responded.

After a couple of minutes everything seems to run fine.

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 4 years ago

You created a DNS Request route for your internal domain?

The clients asking XG as a DNS Server?

XG´s forwarder is a DNS Service in the internet or your AD DNS Server?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Pete Hansen over 4 years ago in reply to LuCar Toni

Hi, thanks !

You created a DNS Request route for your internal domain?

Yes - mydomain.net, target servers my 2 internal DNS servers.

The clients asking XG as a DNS Server?

No, clients asking internal DNS servers. Tried using XG as DNS server also - same result.

XG's forwarder is internet DNS service.

I do see this: Violation User_Identity in captured packet..

Port4 Port1 IPv4 UDP 50384,53

Violation
USER_IDENTITY

Not sure what to make of it?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Pete Hansen over 4 years ago in reply to LuCar Toni

Hi, thanks !

You created a DNS Request route for your internal domain?

Yes - mydomain.net, target servers my 2 internal DNS servers.

The clients asking XG as a DNS Server?

No, clients asking internal DNS servers. Tried using XG as DNS server also - same result.

XG's forwarder is internet DNS service.

I do see this: Violation User_Identity in captured packet..

Port4 Port1 IPv4 UDP 50384,53

Violation
USER_IDENTITY

Not sure what to make of it?
Cancel
Vote Up 0 Vote Down

Cancel

Children

+1 LuCar Toni over 4 years ago in reply to Pete Hansen

Do you use STAS or something like that?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Pete Hansen over 4 years ago in reply to LuCar Toni

Yes, and now I tried to set Restrict client traffic during identity probe to No.

This made the violation disappear.. But still in windows log a get:

ID 5719

This computer was not able to set up a secure session with a domain controller in domain

ID 129

NtpClient was unable to set a domain peer to use as a time source because of discovery error.

ID 1129

The processing of Group Policy failed because of lack of network connectivity to a domain controller.

Just 30 sek later:

ID 37

The time provider NtpClient is currently receiving valid time data from my domain controller
Cancel
Vote Up 0 Vote Down

Cancel
0 Keyur over 4 years ago in reply to Pete Hansen

Hi Pete Hansen

Please refer to the article for STAS - https://community.sophos.com/kb/en-us/125468

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Pete Hansen over 4 years ago in reply to Keyur

Thanks but still no luck.
Cancel
Vote Up 0 Vote Down

Cancel
0 Pete Hansen over 4 years ago in reply to LuCar Toni

Removed STAS config on XG and reinstalled SSO suite.

That might have fix almost all event log errors, except GPO not being applied at logon but these are being applied 2h later. I can live with that and maybe fix it :)

We are using both heartbeat and STAT auth - is that a problem?

Thanks again
Cancel
Vote Up 0 Vote Down

Cancel