Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 40 subscribers
  • Views 1413 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DSN (I think) issues

Pete Hansen

Hello

Can someone point me in the rigth direction?
AD, DNS, DHCP servers is on separate network.
Created a new network for client computers. To start with, mada a allow all services rule between these networks.

Clients on the new network doesn't seem to connect to DNS server during boot/initial logon.
Getting different DNS related errors in event log, for expample:

Name resolution for the name _ldap._tcp.abc._sites.dc._msdcs.acbdomain.net. timed out after none of the configured DNS servers responded.

After a couple of minutes everything seems to run fine.



This thread was automatically locked due to age.
Parents
  • 0

    You created a DNS Request route for your internal domain? 

    The clients asking XG as a DNS Server? 

    XG´s forwarder is a DNS Service in the internet or your AD DNS Server?

     

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi, thanks !

    You created a DNS Request route for your internal domain? 

    Yes - mydomain.net, target servers my 2 internal DNS servers. 

     

    The clients asking XG as a DNS Server? 

    No, clients asking internal DNS servers. Tried using XG as DNS server also - same result.

     

    XG's forwarder is internet DNS service.

     

    I do see this: Violation User_Identity in captured packet..

    Port4 Port1 IPv4 UDP 50384,53

    Violation
    USER_IDENTITY

    Not sure what to make of it? 

     

     

  • +1 in reply to Pete Hansen

    Do you use STAS or something like that? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes, and now I tried to set Restrict client traffic during identity probe to No.

    This made the violation disappear.. But still in windows log a get:

    ID 5719

    This computer was not able to set up a secure session with a domain controller in domain 

    ID 129

    NtpClient was unable to set a domain peer to use as a time source because of discovery error.

    ID 1129

    The processing of Group Policy failed because of lack of network connectivity to a domain controller.

     

    Just 30 sek later:

    ID 37

    The time provider NtpClient is currently receiving valid time data from my domain controller

     

     

     

Reply
  • 0 in reply to LuCar Toni

    Yes, and now I tried to set Restrict client traffic during identity probe to No.

    This made the violation disappear.. But still in windows log a get:

    ID 5719

    This computer was not able to set up a secure session with a domain controller in domain 

    ID 129

    NtpClient was unable to set a domain peer to use as a time source because of discovery error.

    ID 1129

    The processing of Group Policy failed because of lack of network connectivity to a domain controller.

     

    Just 30 sek later:

    ID 37

    The time provider NtpClient is currently receiving valid time data from my domain controller

     

     

     

Children
Unfiltered HTML