cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

¿What should I add in this "DNSHostName" parameter?

Christopher Campos
Copper Contributor

‎Jun 17 2021 05:11 PM - edited ‎Jun 17 2021 05:12 PM

‎Jun 17 2021 05:11 PM - edited ‎Jun 17 2021 05:12 PM

¿What should I add in this "DNSHostName" parameter?

Hello everyone, this information has really exploded in my head because I don't understand how no one can be clear enough to explain what is going on here: DNSHostName.

I have an implementation with sensor on dedicated server, running port mirroring through hyperV. I did the test with an account and password and it worked I would say 60%, since in the alerts it indicated that the sensor had limited information capture, something like that. Then for good practices and security it was recommended to use gMSA.
The issue is that I have already created about 5 different accounts and always the same message from the portal:

 

Directory service user credentials are incorrect

 

The command I used:
New-ADServiceAccount -Name <assign_gMSA_name> -DNSHostName <?????????> -PrincipalsAllowedToRetrieveManagedPassword <security_group_name>.

Name: For example 'MDI-GMSA'.


DNSHostname: Try the FQDN of some DC, then with the FQDN of the server with dedicated sensor and a random name, for example 'GMSA'.
PrincipalsAllowedToRetrieveManagedPassword: I have a security group with all DCs.

Please help me to understand what is my problem and explain me exactly what should I add here 'DNSHostname'.

 

I appreciate if you can help me, thank you.

Preview file
102 KB
1,182 Views
0 Likes
4 Replies
Reply
4 Replies
Eli Ofek

‎Jun 18 2021 12:17 PM

‎Jun 18 2021 12:17 PM

Re: ¿What should I add in this "DNSHostName" parameter?

The security group should also contain the standalone machine running the sensor... not only DCs.
Also, why on earth are you deploying the standalone version and not the integrated one on the DC?
There are very rare cases where I would recommend that as the correct option...
1 Like
Reply
Christopher Campos

‎Jun 22 2021 06:29 AM

‎Jun 22 2021 06:29 AM

Re: ¿What should I add in this "DNSHostName" parameter?

The customer required this type of implementation and if you have to do what they need.
I will try to add this "standalone sensor" machine into the security group.
I will comment on any new developments. Tks Eli!
0 Likes
Reply
Eli Ofek

‎Jun 22 2021 07:57 AM

‎Jun 22 2021 07:57 AM

Re: ¿What should I add in this "DNSHostName" parameter?

At least let them know that as of now, only 2.3% of sensors world wide are standalone, and this number keeps dropping. 99% of the cases customers are using the standalone version due to wrong reasons....
0 Likes
Reply
Christopher Campos

‎Jun 22 2021 08:07 AM

‎Jun 22 2021 08:07 AM

Re: ¿What should I add in this "DNSHostName" parameter?

Good point Eli, I will take it into consideration in future implementations. Thank you!
0 Likes
Reply