When the proxy is added to an Active Directory domain as part of configuring IWA Direct, the DNS name of the active directory is used. If DNS parameters are changed it can cause the proxy to be unable to communicate with the Active Directory.

The following are possible scenarios:

• You reordered the list of DNS servers and the first DNS server in the list returned an IP address that was a public address that the firewall would block RPC requests to Active Directory.
• You removed some Active Directories from the network, but did not update the DNS. This caused invalid IP addresses to be returned to the proxy.

Note that the proxy and the Active Directory may be able to communicate initially but either of the previous scenarios could occur later and cause a working configuration to fail.