Forum Discussion
Nonsaho
Mar 17, 2021
Copper Contributor
NNR in a UNIX environment
Hi, we’re having a DC which is getting isolated via its own AD subnet as it only serves our backup procedure rather than providing any other service to the domain. Because of the nature of the AD, th...
EliOfek
Microsoft
Mar 18, 2021
Which methods are mentioned in the alert as failing more than 90% of the time?
Also, you mention the device is isolated, but it appears it accepts connections from outside or else the sensor would not try to NNR them... it only happens as a response to incoming connection.
- Nonsaho
Mar 18, 2021
Copper Contributor
The message I am getting is “x sensor/s failed more than 90% of the time when doing active resolution using NetBIOS, RDP over TLS, RPC over NTLM and reverse DNS. It might affect detection capabilities and increase amount of FPs”. We have 10 AD sites configured, of which 9 have subnets with clients assigned to them. 1 site contains only the DC's IP as a subnet. That’s the isolation I am referring to. As mentioned, the A record for the domain is still assigned to the IP of this server, hence the UNIX devices are finding it. Reverse DNS is working, but none of the other 3 options, as they are Windows proprietary or require being on the same subnet as the DC.
- EliOfek
Mar 19, 2021
Microsoft
That's a problem...
In theory you can disable some of the methods, but it will be for the entire workspace, so it won't be a good idea.
We are working to find better ways to do NNR with non-Windows machines, but not something I can share an ETA about.
- Nonsaho
Mar 19, 2021
Copper Contributor
Thanks for your response