Unable to join Proxy to the Domain due to error "NERR_DCNotFound"

Article ID: 168392

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

While configuring IWA Direct, the proxy is unable to join Active Directory and reports the error "NERR_DCNotFound".

Cause

A packet capture taken on the ProxySG with the filter "host <DNS name of the domain>" shows the proxy sending a SYN packet to the IP address of the domain server but never receiving a reply from the server.
The root cause could be one of the following:

1. A network firewall sitting between the SG and the Domain Controller (DC) is blocking communication between the SG and the DC over port 389.
2. The Windows Firewall on the DC is blocking inbound sessions initiated by the SG over port 389.
3. A routing issue: the SG's gateway is unable to route this traffic between the SG and the DC in both directions.
 

Resolution

Allow port 389 for inbound and outbound traffic on the network firewall and on the DC's Windows Firewall so that the SG can communicate with the DC.
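
The symptom described under Cause (SYNs to port 389 with no reply) can be confirmed from a text export of the capture, both before and after the firewall change. The following is an added example, not Broadcom code; it assumes the capture was printed with `tcpdump -nn -r <file>`, and the sample lines and 192.0.2.x addresses are constructed placeholders.

```python
import re
from collections import defaultdict

LDAP_PORT = 389  # port named in the article

# Constructed sample in the text format printed by `tcpdump -nn -r <file>`.
# Placeholder addresses: 192.0.2.10 = SG, 192.0.2.20 and 192.0.2.21 = DCs.
SAMPLE = """\
10:15:01.000100 IP 192.0.2.10.40112 > 192.0.2.20.389: Flags [S], seq 1001, win 65535, length 0
10:15:04.000200 IP 192.0.2.10.40112 > 192.0.2.20.389: Flags [S], seq 1001, win 65535, length 0
10:15:10.000300 IP 192.0.2.10.40112 > 192.0.2.20.389: Flags [S], seq 1001, win 65535, length 0
10:15:11.000400 IP 192.0.2.10.40200 > 192.0.2.21.389: Flags [S], seq 2001, win 65535, length 0
10:15:11.000900 IP 192.0.2.21.389 > 192.0.2.10.40200: Flags [S.], seq 3001, ack 2002, win 65535, length 0
10:15:11.001000 IP 192.0.2.10.40200 > 192.0.2.21.389: Flags [.], ack 1, win 65535, length 0
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def unanswered_syns(capture_text, port=LDAP_PORT):
    """Return {(client, server): syn_count} for servers that never replied."""
    syns = defaultdict(int)  # (client, client_port, server) -> SYNs sent
    replied = set()          # same key, set once the server sends anything back
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src, sport, dst, dport, flags = m.groups()
        if int(dport) == port and flags == "S":
            syns[(src, sport, dst)] += 1  # initial SYN or a retransmission
        elif int(sport) == port:
            # A SYN-ACK or RST from the server shows the path works both ways.
            replied.add((dst, dport, src))
    result = defaultdict(int)
    for key, count in syns.items():
        if key not in replied:
            client, _, server = key
            result[(client, server)] += count
    return dict(result)

if __name__ == "__main__":
    for (client, server), n in unanswered_syns(SAMPLE).items():
        print(f"{client} -> {server}:{LDAP_PORT}: {n} SYN(s), no reply")
```

An empty result after the firewall or routing change means every SYN to port 389 in the capture was answered.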