Forum Discussion
A domain controller is unreachable by a Sensor
Thank you for reporting this. I'll check this internally.
- cidorr (Copper Contributor), Sep 12, 2022
We also are seeing the same issue. We updated the sensors from Winpcap to Npcap around 8/31 and sensors started having issues around 9/7. I have a ticket in with Microsoft on this as well.
- GeoffMauch (Copper Contributor), Sep 12, 2022
Any updates on your end on this issue? Thanks
- brianvessey (Copper Contributor), Sep 09, 2022
Add me to the list. 2 DCs, one on 2012R2, the other on 2016 and they both started throwing this error early AM of Sept 7.
I had also uninstalled the previous sensor and installed the updated version to move from winpcap to npcap. That change was done on or around Aug 31 if it matters.
Thanks
- cjohnston (Brass Contributor), Sep 08, 2022
We are also seeing this. We recently updated to remove the Winpcap and add the Npcap service and after that we started seeing the same:
2022-09-07 16:16:35.2886 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__47 RunPeriodic <RegisterPeriodicTask>b__1 failed Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=OURDC.COM]
but we know our gMSA is correct and I've tested the permissions on it using https://docs.microsoft.com/en-us/powershell/module/activedirectory/test-adserviceaccount?view=windowsserver2019-ps. The rest of the logs make it look like everything is working normally:
2022-09-07 16:16:34.0854 Info DirectoryServicesClient CreateLdapConnectionAsync connected successfully [DomainControllerDnsName=ourdc.domain.com Domain=Ourdomain UserName=OurgMSA ]
2022-09-07 16:16:34.1635 Info LocalImpersonationManager CreateImpersonatorInternalAsync started [UserName=OurgMSA Domain=Ourdomain IsGroupManagedServiceAccount=True]
2022-09-07 16:16:34.1948 Info LocalImpersonationManager GetGroupManagedServiceAccountTokenAsync finished [UserName=OurgMSA Domain=Ourdomain IsSuccess=True]
2022-09-07 16:16:34.1948 Info LocalImpersonationManager CreateImpersonatorInternalAsync finished [UserName=OurgMSA Domain=Ourdomain]
2022-09-07 16:16:34.1948 Debug GroupPolicyHelper GetKerberosPolicy started [domainDnsName=Ourdomain.org]
2022-09-07 16:16:34.2104 Debug GroupPolicyHelper GetKerberosPolicy finished [domainDnsName=Ourdomain.org MaxTicketAge=10 MaxRenewAge=7]
2022-09-07 16:16:34.2104 Info DirectoryServicesClient CreateLdapConnectionAsync connected successfully [DomainControllerDnsName=ourdc.domain.com Domain=Ourdomain UserName=OurgMSA ]
2022-09-07 16:16:34.3510 Info DirectoryServicesResolver CreateDomainAsync created domain DC=Ourdomain,DC=org
2022-09-07 16:16:34.3667 Info DirectoryServicesClient CreateLdapConnectionAsync connected successfully [DomainControllerDnsName=ourdc.domain.com Domain=Ourdomain UserName=OurgMSA ]
But we also get the same constant repeat of
<CreateLdapConnectionAsync>d__47 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync Aborted since a connection to this domain controller has recently failed"
- GeoffMauch (Copper Contributor), Sep 08, 2022
I should also mention that we also updated to remove the Winpcap and added the Npcap service last week on all of our DCs.