Forum Discussion

GeoffMauch's avatar
GeoffMauch
Copper Contributor
Sep 08, 2022

A domain controller is unreachable by a Sensor

Anyone else seeing large amount of DC Health alerts after latest MDI agent update to 2.189.15674 this week? Last two days all DCs suddenly started having same health alerts: "Sensor, xxxxxx, has limi...
cjohnston's avatar
cjohnston
Brass Contributor
Sep 08, 2022

Martin_Schvartzman 

 

We are also seeing this. We recently updated to remove the Winpcap and add the Npcap service and after that we started seeing the same

 

 

2022-09-07 16:16:35.2886 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__47 RunPeriodic <RegisterPeriodicTask>b__1 failed
Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=OURDC.COM]

 

 

but we know our gMSA is correct and I've tested the permissions on it using https://docs.microsoft.com/en-us/powershell/module/activedirectory/test-adserviceaccount?view=windowsserver2019-ps . The rest of the logs make it look like everything is working normally

 

 

2022-09-07 16:16:34.0854 Info DirectoryServicesClient CreateLdapConnectionAsync connected successfully [DomainControllerDnsName=ourdc.domain.com Domain=Ourdomain UserName=OurgMSA ]
2022-09-07 16:16:34.1635 Info LocalImpersonationManager CreateImpersonatorInternalAsync started [UserName=OurgMSA Domain=Ourdomain IsGroupManagedServiceAccount=True]
2022-09-07 16:16:34.1948 Info LocalImpersonationManager GetGroupManagedServiceAccountTokenAsync finished [UserName=OurgMSA Domain=Ourdomain IsSuccess=True]
2022-09-07 16:16:34.1948 Info LocalImpersonationManager CreateImpersonatorInternalAsync finished [UserName=OurgMSA Domain=Ourdomain]
2022-09-07 16:16:34.1948 Debug GroupPolicyHelper GetKerberosPolicy started [domainDnsName=Ourdomain.org]
2022-09-07 16:16:34.2104 Debug GroupPolicyHelper GetKerberosPolicy finished [domainDnsName=Ourdomain.org MaxTicketAge=10 MaxRenewAge=7]
2022-09-07 16:16:34.2104 Info DirectoryServicesClient CreateLdapConnectionAsync connected successfully [DomainControllerDnsName=ourdc.domain.com Domain=Ourdomain UserName=OurgMSA ]
2022-09-07 16:16:34.3510 Info DirectoryServicesResolver CreateDomainAsync created domain DC=Ourdomain,DC=org
2022-09-07 16:16:34.3667 Info DirectoryServicesClient CreateLdapConnectionAsync connected successfully [DomainControllerDnsName=ourdc.domain.com Domain=Ourdomain UserName=OurgMSA ]

 

 

But we also get the same constant repeat of 

<CreateLdapConnectionAsync>d__47 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync Aborted since a connection to this domain controller has recently failed"

GeoffMauch's avatar
GeoffMauch
Copper Contributor
Sep 08, 2022

I should also mention that we also updated to remove the Winpcap and added the Npcap service last week on all of our DCs.

Resources