Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 6 subscribers
  • Views 12654 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sudden Dropped Packets for DNS and NetBios from DC

James Roughley

 All, I thought Id get this out there while Im waiting for the SSO fix, please excuse me if my info seems a little flaky, its still all relatively new to me.

 

At present I have no staff going through the UTM due to continuing problems - We have had the UTM for 3 months and it was set up by a re seller,came from the old Web Appliance to this and its been a learning curve, we had noticed no problems up until last weekend with the SSO issue we are all seeing.

 

Since the weekend Im having more and more problems, 1000s of dropped packets relating to DNS and Netbios from the DC to the UTM are being registered something and either sustained slow DNStime entries or no route to host, something which never happened before. UDP/137 UDP/53 are the top results and the primary DC tops the list. 

 

The DNS set up which was performed by the reseller is as follows and has worked without issue up until this week 

 

Global Tab = Internal (Network)

Forwarders = Domain Controllers group including DC1 and DC2 (and this week a Google address because Im getting No Route to Host errors with just the DC group in there)

Request Routing = ourdomain.local > Domain Controllers

Client DNS setting set to DC1 and DC2

 

Now Ive seen the Best Practice DNS thread and seems to be slightly different but due to it working I was/still am reluctant to change from how it was set up, the only change made was to turn off SSO authentication.

 

What Im wondering, is turning off SSO Authentication causing these packets to drop based on my DNS set up? - Another odd thing Im seeing is the WebAdmin URL is inaccessible every morning from the network.... I run netsh winsock reset on the PC and reboot and I can access it.

Things Ive tried are restoring the VM from a week old back up 

A brand new build with with a clean install of 9-501-5 

A brand new build with 9-413 

Same issues on all and no changes made to my network, If I bypass the UTM the DCs perform as they should regarding DNS resolution.

 

Is all this related to the SSO issue? 

 

Thank you

 

James

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi, James - first time I've seen you post - welcome to the UTM Community!

    This is not related to the SSO issue.  Please do #1 in Rulz and show us one or two applicable lines from the applicable log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob thank you 

    Not sure if there's something missing in your post "Please do #1"  was there meant to be a link to something?

     

    Sorry If Im missing something 

     

    Regards

     

    James

  • 0 in reply to James Roughley

    Oops!  Fixed now. [:)]

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob sorry for the lack of response, I was called away to another office for the weekend, Ill have a look at this and report back

    Oddly, and I don't know the relevance but I resolved or temporarily resolved the dropped packets and all Not host found errors by enabling the example DNS

    [balance DNS request individually] in Interfaces > Multipath rules 

     

    Im still curious why Ive had to make changes for DNS to work correctly when its been fine since March/April - Im still testing and at the moment Ive divert staff away from the UTM while I fully resolve 

     

    appreciate your help.

Reply
  • 0 in reply to BAlfson

    Bob sorry for the lack of response, I was called away to another office for the weekend, Ill have a look at this and report back

    Oddly, and I don't know the relevance but I resolved or temporarily resolved the dropped packets and all Not host found errors by enabling the example DNS

    [balance DNS request individually] in Interfaces > Multipath rules 

     

    Im still curious why Ive had to make changes for DNS to work correctly when its been fine since March/April - Im still testing and at the moment Ive divert staff away from the UTM while I fully resolve 

     

    appreciate your help.

Children
No Data
Unfiltered HTML