Forum Discussion
Low success rate of active name resolution
New install of Azure ATP Sensor on Domain Controller getting warning "Low success rate of active name resolution".
Corp-DC1, failed more than 90% of the time when doing active resolution using NetBIOS, NetworkNameResolverMethodRdpTlsName, RPC over NTLM and reverse DNS. It might affect detections capabilities and increase amount of FPs.
Recommendations
Check that the sensor can reach the DNS server and that Reverse Lookup Zones are enabled.
Check that Port 137 is open for inbound communication from MDI sensors, on all computers in the environment.
Check that Port 135 is open for inbound communication from MDI sensors, on all computers in the environment.
Check all network configuration (firewalls), as these could prevent communication to the relevant ports.
Need assistance interpreting or getting more information about this error. Domain controller is Server 2019 serving several sites/subnets. All other services work fine, we see no error messages in DNS Server or DNS client.
RNalivaika
Did you make sure the ports are open as described inhttps://docs.microsoft.com/en-us/defender-for-identity/prerequisites#ports
?
If yes, open a support case, so they can increase the trace level on your workspace to tell you more about when it fails.
10 Replies
- EliOfek
Microsoft
RNalivaika
Did you make sure the ports are open as described inhttps://docs.microsoft.com/en-us/defender-for-identity/prerequisites#ports
?
If yes, open a support case, so they can increase the trace level on your workspace to tell you more about when it fails.
- 감사합니다
EliOfek you mean Office365 support ?
