Why does IWA Direct fail after changing DNS settings?

Article ID: 167523

Products

Asset Management Solution, SG-300, SG-600, SG-510, SG-9000, SG-900, SG-S500, SG-S400

Issue/Introduction

When the proxy is added to an Active Directory domain as part of configuring IWA Direct, the DNS name of the Active Directory is used. If DNS parameters are changed later, the proxy can become unable to communicate with the Active Directory.

The following are possible scenarios:

  • You reordered the list of DNS servers, and the first DNS server in the list returned a public IP address. The firewall blocks RPC requests to Active Directory at that address.
  • You removed some Active Directories from the network, but did not update DNS. This caused invalid IP addresses to be returned to the proxy.

Note that the proxy and the Active Directory may be able to communicate initially, but either of the previous scenarios could occur later and cause a working configuration to fail.
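
The following check for both scenarios is an added example, not part of the original article or the product. It assumes you have already recorded the addresses each configured DNS server returns for the Active Directory DNS name, and that you have an inventory of the Active Directory servers still on the network; all addresses, ranges and function names here are constructed for illustration.

```python
import ipaddress

# Assumption: ranges the firewall lets the proxy reach with RPC (RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip, live_servers):
    """Label one address returned for the Active Directory DNS name."""
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in INTERNAL_NETS):
        return "public"   # scenario 1: firewall blocks RPC to this address
    if addr not in live_servers:
        return "stale"    # scenario 2: server removed, record left in DNS
    return "ok"

def audit(dns_order, answers, live_servers):
    """Check every answer, walking the DNS servers in their configured order."""
    live = {ipaddress.ip_address(ip) for ip in live_servers}
    return [(server, ip, classify(ip, live))
            for server in dns_order
            for ip in answers.get(server, [])]

def problems(findings):
    """Keep only the answers that would break proxy-to-AD communication."""
    return [f for f in findings if f[2] != "ok"]

# Constructed sample data: answers each DNS server gave for the AD DNS name.
DNS_ORDER = ["10.0.0.53", "10.0.1.53"]
ANSWERS = {
    "10.0.0.53": ["203.0.113.10", "10.1.1.5"],
    "10.0.1.53": ["10.1.1.5", "10.1.1.9"],
}
LIVE_SERVERS = ["10.1.1.5"]

if __name__ == "__main__":
    for server, ip, verdict in audit(DNS_ORDER, ANSWERS, LIVE_SERVERS):
        print(f"DNS {server} -> {ip}: {verdict}")
```

Running the check again after any change to the DNS server list or to the Active Directory servers on the network shows whether a previously working configuration is about to fail.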