This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sudden Dropped Packets for DNS and NetBios from DC

All, I thought Id get this out there while Im waiting for the SSO fix, please excuse me if my info seems a little flaky, its still all relatively new to me.

At present I have no staff going through the UTM due to continuing problems - We have had the UTM for 3 months and it was set up by a re seller,came from the old Web Appliance to this and its been a learning curve, we had noticed no problems up until last weekend with the SSO issue we are all seeing.

Since the weekend Im having more and more problems, 1000s of dropped packets relating to DNS and Netbios from the DC to the UTM are being registered something and either sustained slow DNStime entries or no route to host, something which never happened before. UDP/137 UDP/53 are the top results and the primary DC tops the list.

The DNS set up which was performed by the reseller is as follows and has worked without issue up until this week

Global Tab = Internal (Network)

Forwarders = Domain Controllers group including DC1 and DC2 (and this week a Google address because Im getting No Route to Host errors with just the DC group in there)

Request Routing = ourdomain.local > Domain Controllers

Client DNS setting set to DC1 and DC2

Now Ive seen the Best Practice DNS thread and seems to be slightly different but due to it working I was/still am reluctant to change from how it was set up, the only change made was to turn off SSO authentication.

What Im wondering, is turning off SSO Authentication causing these packets to drop based on my DNS set up? - Another odd thing Im seeing is the WebAdmin URL is inaccessible every morning from the network.... I run netsh winsock reset on the PC and reboot and I can access it.

Things Ive tried are restoring the VM from a week old back up

A brand new build with with a clean install of 9-501-5

A brand new build with 9-413

Same issues on all and no changes made to my network, If I bypass the UTM the DCs perform as they should regarding DNS resolution.

Is all this related to the SSO issue?

Thank you

James

This thread was automatically locked due to age.

Parents

0 rsenio over 7 years ago

I had something similar quite a while back, DNS just started getting dropped. Could be your issue as well. All I did was remove the contents of the "Allowed Networks" in the global tab. Saved it, and then re-added what I had and saved it again.

I do think your particular setup is a little odd, why would the UTM DNS forwarder be your internal DNS? And what are the forwarders set on your internal DNS? Although, I think I understand what they were trying to accomplish when setting up your UTM. Just wasn't quite best practice in my opinion.

Here's what I would do:

Global Tab Allowed Networks - DC1 + DC2 objects

Forwarders - Google or ISP etc.

Your clients PC's can still have DC1 and DC2 set as their DNS. DC1 and DC2 DNS server should have their forwarders as the UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rsenio over 7 years ago

I had something similar quite a while back, DNS just started getting dropped. Could be your issue as well. All I did was remove the contents of the "Allowed Networks" in the global tab. Saved it, and then re-added what I had and saved it again.

I do think your particular setup is a little odd, why would the UTM DNS forwarder be your internal DNS? And what are the forwarders set on your internal DNS? Although, I think I understand what they were trying to accomplish when setting up your UTM. Just wasn't quite best practice in my opinion.

Here's what I would do:

Global Tab Allowed Networks - DC1 + DC2 objects

Forwarders - Google or ISP etc.

Your clients PC's can still have DC1 and DC2 set as their DNS. DC1 and DC2 DNS server should have their forwarders as the UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 James Roughley over 7 years ago in reply to rsenio

Thanks, will have a go at this buy Im sure ive tried every option, thanks for responding, see my last message to Bob regarding Interfaces > Multipath rules , strangely the example DNS one stopped the dropped packets.

Thanks again for taking the time to respond.

regards

James
Cancel
Vote Up 0 Vote Down

Cancel
0 James Roughley over 7 years ago in reply to James Roughley

And even more strangely, I can disable this multi path setting and DNS still seems to work as we had it set up originally with

Global > Internal

Forwarders > Domain Controllers

Request Routing > internal domain>domain controllers

I will test today
Cancel
Vote Up 0 Vote Down

Cancel