Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DSN (I think) issues

Hello

Can someone point me in the rigth direction?
AD, DNS, DHCP servers is on separate network.
Created a new network for client computers. To start with, mada a allow all services rule between these networks.

Clients on the new network doesn't seem to connect to DNS server during boot/initial logon.
Getting different DNS related errors in event log, for expample:

Name resolution for the name _ldap._tcp.abc._sites.dc._msdcs.acbdomain.net. timed out after none of the configured DNS servers responded.

After a couple of minutes everything seems to run fine.



This thread was automatically locked due to age.
Parents
  • You created a DNS Request route for your internal domain? 

    The clients asking XG as a DNS Server? 

    XG´s forwarder is a DNS Service in the internet or your AD DNS Server?

     

    __________________________________________________________________________________________________________________

  • Hi, thanks !

    You created a DNS Request route for your internal domain? 

    Yes - mydomain.net, target servers my 2 internal DNS servers. 

     

    The clients asking XG as a DNS Server? 

    No, clients asking internal DNS servers. Tried using XG as DNS server also - same result.

     

    XG's forwarder is internet DNS service.

     

    I do see this: Violation User_Identity in captured packet..

    Port4 Port1 IPv4 UDP 50384,53

    Violation
    USER_IDENTITY

    Not sure what to make of it? 

     

     

  • Do you use STAS or something like that? 

    __________________________________________________________________________________________________________________

  • Yes, and now I tried to set Restrict client traffic during identity probe to No.

    This made the violation disappear.. But still in windows log a get:

    ID 5719

    This computer was not able to set up a secure session with a domain controller in domain 

    ID 129

    NtpClient was unable to set a domain peer to use as a time source because of discovery error.

    ID 1129

    The processing of Group Policy failed because of lack of network connectivity to a domain controller.

     

    Just 30 sek later:

    ID 37

    The time provider NtpClient is currently receiving valid time data from my domain controller

     

     

     

Reply
  • Yes, and now I tried to set Restrict client traffic during identity probe to No.

    This made the violation disappear.. But still in windows log a get:

    ID 5719

    This computer was not able to set up a secure session with a domain controller in domain 

    ID 129

    NtpClient was unable to set a domain peer to use as a time source because of discovery error.

    ID 1129

    The processing of Group Policy failed because of lack of network connectivity to a domain controller.

     

    Just 30 sek later:

    ID 37

    The time provider NtpClient is currently receiving valid time data from my domain controller

     

     

     

Children