What should I add in this "DNSHostName" parameter?


Hello everyone, this information has really exploded in my head because I don't understand how no one can be clear enough to explain what is going on here: DNSHostName.

I have an implementation with a sensor on a dedicated server, running port mirroring through Hyper-V. I did the test with an account and password and it worked, I would say, 60%, since in the alerts it indicated that the sensor had limited information capture, something like that. Then for good practices and security it was recommended to use gMSA.
The issue is that I have already created about 5 different accounts and always get the same message from the portal:

Directory service user credentials are incorrect

The command I used:
New-ADServiceAccount -Name <assign_gMSA_name> -DNSHostName <?????????> -PrincipalsAllowedToRetrieveManagedPassword <security_group_name>.

Name: For example 'MDI-GMSA'.


DNSHostname: Try the FQDN of some DC, then with the FQDN of the server with dedicated sensor and a random name, for example 'GMSA'.
PrincipalsAllowedToRetrieveManagedPassword: I have a security group with all DCs.

Please help me to understand what my problem is and explain to me exactly what I should add here: 'DNSHostname'.

I would appreciate it if you can help me, thank you.

4 Replies
The security group should also contain the standalone machine running the sensor... not only DCs.
Also, why on earth are you deploying the standalone version and not the integrated one on the DC?
There are very rare cases where I would recommend that as the correct option...

The customer required this type of implementation and if you have to do what they need.
I will try to add this "standalone sensor" machine into the security group.
I will comment on any new developments. Tks Eli!

At least let them know that as of now, only 2.3% of sensors worldwide are standalone, and this number keeps dropping. In 99% of the cases customers are using the standalone version due to wrong reasons...

Good point Eli, I will take it into consideration in future implementations. Thank you!
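
The fix from the first reply, written out as an added example that is not part of the original thread: it puts the standalone sensor machine into the group allowed to retrieve the gMSA password, creates the account, and checks the result. The group name `MDI-gMSA-Hosts` and computer name `MDI-SENSOR01` are hypothetical, and the `-DNSHostName` value follows the common `<account name>.<domain DNS name>` convention, which is an assumption here because the thread never states it.

```powershell
# Added example, not from the thread. Run on a machine with the ActiveDirectory module
# and rights to manage groups and service accounts. Assumes a KDS root key already exists.
Import-Module ActiveDirectory

$GmsaName   = 'MDI-GMSA'        # account name used in the question
$GroupName  = 'MDI-gMSA-Hosts'  # hypothetical: the security group that already holds the DCs
$SensorHost = 'MDI-SENSOR01'    # hypothetical: the dedicated (standalone) sensor server

$DomainFqdn = (Get-ADDomain).DNSRoot

# 1. The group must contain every machine that retrieves the password:
#    the DCs and the standalone sensor machine (the point made in the first reply).
$sensor  = Get-ADComputer -Identity $SensorHost
$members = Get-ADGroupMember -Identity $GroupName |
    Select-Object -ExpandProperty distinguishedName
if ($members -notcontains $sensor.DistinguishedName) {
    Add-ADGroupMember -Identity $GroupName -Members $sensor
    Write-Host "Added $SensorHost to $GroupName"
}

# 2. Create the gMSA only if it does not exist yet.
#    DNSHostName is the DNS name of the service account itself (assumed convention:
#    <account name>.<domain DNS name>), not the FQDN of a DC or of the sensor server.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$GmsaName'")) {
    New-ADServiceAccount -Name $GmsaName `
        -DNSHostName "$GmsaName.$DomainFqdn" `
        -PrincipalsAllowedToRetrieveManagedPassword $GroupName
}

# 3. Confirm what was stored on the account.
Get-ADServiceAccount -Identity $GmsaName `
    -Properties DNSHostName, PrincipalsAllowedToRetrieveManagedPassword |
    Format-List Name, DNSHostName, PrincipalsAllowedToRetrieveManagedPassword

# 4. Run this line on the sensor server itself, after it has been rebooted so that
#    its computer account picks up the new group membership. Expected result: True.
Test-ADServiceAccount -Identity $GmsaName
```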