Forum Discussion
StuartSquibb
Jul 22, 2020
Copper Contributor
Name resolution alert for one DC only, for three name resolution methods
Hi, we have 6 DCs with the ATP sensor installed. One DC has recently started alerting with the following: "<ServerName> failed more than 90% of the time when doing active resolution using RPC ove...
EliOfek
Microsoft
Jul 22, 2020
StuartSquibb "Network traces do not reveal any unusual amount of DNS or NETBIOS name resolution failures" - Can you explain exactly what you checked?
Anyway, the best option here is to contact support; they can turn on verbose logging for you on this machine for a few hours, which will show detailed info about which IPs are not resolved, and also what the failure percentage was before you got the alert.
StuartSquibb
Jul 22, 2020
Copper Contributor
EliOfek we ran netsh trace on the DC in question up to the point that the alert re-raised after we had closed it. We then looked for DNS and NBTNS traffic that was failing. I realise that doesn't cover every protocol in the alert, but DNS and NBTNS are protocols that are relatively easy to trace.
Sorry to be dense, but how do I contact support?
- EliOfek Jul 22, 2020
Microsoft
StuartSquibb The alert is based on daily stats, so closing it will just make it reopen until the stats are stabilized. Not sure if you will see enough failures during that time in a trace of a few minutes, but I do expect that with a 90% failure rate you will see some failures in the trace...
See this for support options: