I'm hoping someone has a similar situation and can shed some light on how they configured their environment. We have a single domain. All of the GPOs work great; we use folder redirection to a local file server, and also map network drives for various users and groups. I have a few users that would like remote access to their files. When I initially installed the ZTNA agent, I could not access anything on my fileserver, either directly or via mapped drive; Windows would always prompt me for network credentials; I would enter the credentials and receive an error because it could not communicate with a domain controller.
Support suggested that I add our domain controllers into ZTNA resources (and public SRV records). This allowed me to manually access the fileserver (no more credential prompt). However, it broke just about everything else domain-wise on the machine. Once adding the domain controllers as a resource, any machine with the ZTNA agent has difficulty receiving and applying GPOs and login items do not process. Users attempt to log into their machine and wait up to 10 minutes just to be greeted by errors saying that 'redirection failed', and drives did not map. In this scenario, the machines are useless; users aren't going to manually map their network drives, or wait 10 minutes for a Windows login!
Has anyone with a traditional domain configuration successfully implemented ZTNA? Am I expecting too much to have redirected folders and mapped drives? We have over 500 PCs running great, and 20 ZTNA machines that are giving much trouble. Necessary to have the DCs as ZTNA resources?
Thank you for reading.