Feature request: Low success rate of active name resolution - More options + insights plz!

%3CLINGO-SUB%20id%3D%22lingo-sub-2235777%22%20slang%3D%22en-US%22%3EFeature%20request%3A%20Low%20success%20rate%20of%20active%20name%20resolution%20-%20More%20options%20%2B%20insights%20plz!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2235777%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F663304%22%20target%3D%22_blank%22%3E%40ll%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20experience%20the%20spontaneous%20emergence%20of%20the%20above-mentioned%20health%20problem%20in%20several%20customer%20networks.%20These%20appear%20without%20the%20(conscious)%20change%20in%20the%20environment%20taking%20place.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Jens_Mander_0-1616695809189.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267119i74FC1F79708FB8D5%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Jens_Mander_0-1616695809189.png%22%20alt%3D%22Jens_Mander_0-1616695809189.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20all%20the%20love%20for%20the%20product%2C%20I%20have%20understood%20the%20possible%20causes%20listed%20here%2C%20only%20analyzing%20these%20is%20very%20time-consuming%20and%20challenging.%20Yes%2C%20we%20opened%20support%20calls%20at%20Microsoft.%20Here%20we%20have%20a%20couple%20of%20Wireshark%20filters%20suggested%20to%20investigate%20the%20problems.%20Now%20we%20are%20not%20talking%20about%20small%20networks%2C%20but%20about%20worldwide%20installations%20with%20many%20DCs%2C%20even%20more%20servers%20and%20tons%20of%20clients.%20I%20have%20now%20burned%20so%20much%20time%20with%20packet%20sniffing%2C%20firewall%20log%20evaluations%20and%20analyzes%20and%20would%20like%20to%20see%20better%20support%20in%20the%20product%20itself.%20E.g.%2C%20a%20suitable%20log%20level%20for%20the%20sensors%20(without%20support%20tickets).%20Or%20clear%20information%20in%20the%20timeline%20of%20the%20MSDI%20Health%20Center!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20don't%20get%20it%20wrong%2C%20I%20really%20love%20MSDI%20and%20have%20been%20advising%20%2F%20recommending%20the%20product%20range%20for%20many%20years%20since%20ATA%20has%20been%20around.%26nbsp%3B%3CSPAN%20class%3D%22VIiyi%22%3E%3CSPAN%20class%3D%22JLqJ4b%20ChMk0b%22%3E%3CSPAN%3ETogether%20with%20my%20colleagues%2C%20I%20have%20supplied%20a%20large%20number%20of%20customers%20with%20the%20ATP%20%2F%20Defender%20product%20line%20and%20I%20am%20absolutely%20convinced%20of%20the%20added%20value%20and%20necessity%20of%20the%20products.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%20Nevertheless%2C%20I%20find%20that%20the%20troubleshooting%20of%20NNR%20is%20disastrous.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%20and%20tia%2C%3C%2FP%3E%3CP%3EJens...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2236357%22%20slang%3D%22en-US%22%3ERe%3A%20Feature%20request%3A%20Low%20success%20rate%20of%20active%20name%20resolution%20-%20More%20options%20%2B%20insights%20plz!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2236357%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3EYou%20don't%20have%20to%20use%20packet%20sniffing.%3CBR%20%2F%3EAsk%20support%20to%20request%20increase%20of%20the%20log%20level%20of%20the%20sensor%20to%20verbose%20level%20for%20a%20few%20h%20ours%20during%20working%20hours.%20while%20you%20won't%20be%20able%20to%20see%20the%20logs%20locally%20%2C%20and%20it%20might%20cause%20a%20temporary%20perf%20hit%20on%20the%20sensor%2C%20after%20collecting%20this%20data%20in%20our%20backend%20for%20a%20few%20hours%2C%20support%20can%20give%20you%20a%20table%20that%20shows%20you%20the%20top%20IPs%20for%20each%20method%20that%20fails%20resolution...%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20manual%20packet%20sniffing%20way%20is%20only%20good%20for%20small%20environments%20or%20when%20it%20happens%20on%20a%20specific%20machine.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20want%20to%20see%20more%20of%20this%20available%20to%20the%20end%20user%2C%20I%20suggest%20sending%20the%20feedback%20to%20AatpFeedback%20at%20microsoft.com%20so%20product%20will%20consider%20it%20for%20future%20versions%20if%20more%20customers%20suggest%20the%20same.%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi @ll,

 

I experience the spontaneous emergence of the above-mentioned health problem in several customer networks. These appear without the (conscious) change in the environment taking place.

 

Jens_Mander_0-1616695809189.png

 

With all the love for the product, I have understood the possible causes listed here, only analyzing these is very time-consuming and challenging. Yes, we opened support calls at Microsoft. Here we have a couple of Wireshark filters suggested to investigate the problems. Now we are not talking about small networks, but about worldwide installations with many DCs, even more servers and tons of clients. I have now burned so much time with packet sniffing, firewall log evaluations and analyzes and would like to see better support in the product itself. E.g., a suitable log level for the sensors (without support tickets). Or clear information in the timeline of the MSDI Health Center!

 

Please don't get it wrong, I really love MSDI and have been advising / recommending the product range for many years since ATA has been around. Together with my colleagues, I have supplied a large number of customers with the ATP / Defender product line and I am absolutely convinced of the added value and necessity of the products. Nevertheless, I find that the troubleshooting of NNR is disastrous.

 

Cheers and tia,

Jens...

 

1 Reply
Hi,
You don't have to use packet sniffing.
Ask support to request increase of the log level of the sensor to verbose level for a few h ours during working hours. while you won't be able to see the logs locally , and it might cause a temporary perf hit on the sensor, after collecting this data in our backend for a few hours, support can give you a table that shows you the top IPs for each method that fails resolution...

The manual packet sniffing way is only good for small environments or when it happens on a specific machine.

If you want to see more of this available to the end user, I suggest sending the feedback to AatpFeedback at microsoft.com so product will consider it for future versions if more customers suggest the same.