
UNAB - failed to get from the DNS LDAP Resource Records in site


Article ID: 256700


Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

 

We have this recurring error in the logs (journalctl):

Dec 21 10:10:36 pimunabnode uxauthd[4780]: failed to get from the DNS LDAP Resource Records in site 'ADBDFEXP-DATACENTER' for 'adbdfint.private'


The endpoint is registered by UNAB in an Active Directory adbdfexp.private in site ADBDFEXP-DATACENTER.
But we are exploring other AD domains that have their own site (ADBDFINT-DATACENTER for adbdfint.private).

Environment

Release : 14.1

Cause

 

It seems to have no impact

How to avoid this error?

Resolution

That message just reports that your DNS does not have information about that site or is not configured to serve it.  

If the AD users and groups that UNAB can find include everything you are interested in, this informational message can be ignored.

On the question of how to avoid it:

1) To resolve the actual underlying problem you need to fix your DNS. Just to avoid the message itself, you can decrease UNAB's logging level. If the DNS is proven to be fine, then we suspect an invalid value was set for the ad_site token on that UNAB endpoint. Unless specified explicitly during registration, it is set by uxconsole according to the information AD supplies to it. The token can be changed manually later if desired, but it has to be a valid site name as configured in AD. Otherwise, the message will be logged and UNAB will be forced to work less efficiently, since it will be placing DNS SRV queries in a non-existent site.

 

 2) Setting the debug_level token to high or medium should stop that message from being logged.
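
To tell a DNS gap apart from a wrong ad_site value, the site/domain pairs can be pulled from the uxauthd messages and checked against DNS. The script below is an added example, not part of the original article or of UNAB; it assumes UNAB looks up the standard AD DC-locator SRV names, and the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not UNAB tooling). Typical use on the endpoint:
#   journalctl -t uxauthd | unab_failed_sites |
#       while read -r site domain; do check_srv "$site" "$domain"; done

# Read log lines on stdin; print unique "site domain" pairs from the
# "failed to get from the DNS LDAP Resource Records" message.
unab_failed_sites() {
    sed -n "s/.*uxauthd\[[0-9]*]: failed to get from the DNS LDAP Resource Records in site '\([^']*\)' for '\([^']*\)'.*/\1 \2/p" | sort -u
}

# Print the SRV owner names to test for a site/domain pair.
# Assumption: these are the standard AD DC-locator records, first the
# site-specific one, then the domain-wide one.
ad_srv_names() {
    site=$1
    domain=$2
    printf '%s\n' \
        "_ldap._tcp.${site}._sites.dc._msdcs.${domain}" \
        "_ldap._tcp.dc._msdcs.${domain}"
}

# Query each name with dig. Site-specific MISSING but domain-wide OK means
# the site name is not known in that domain; both MISSING points at DNS.
check_srv() {
    for name in $(ad_srv_names "$1" "$2"); do
        if [ -n "$(dig +short SRV "$name" 2>/dev/null)" ]; then
            echo "OK      $name"
        else
            echo "MISSING $name"
        fi
    done
}

# Constructed sample: the article's log line, a repeat of it with a
# different timestamp and PID, and an unrelated line.
sample_log() {
    cat <<'EOF'
Dec 21 10:10:36 pimunabnode uxauthd[4780]: failed to get from the DNS LDAP Resource Records in site 'ADBDFEXP-DATACENTER' for 'adbdfint.private'
Dec 21 10:25:36 pimunabnode uxauthd[4781]: failed to get from the DNS LDAP Resource Records in site 'ADBDFEXP-DATACENTER' for 'adbdfint.private'
Dec 21 10:26:02 pimunabnode sshd[5120]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
EOF
}
```

With the article's log line, the site-specific name checked is the endpoint's own site (ADBDFEXP-DATACENTER) under the other domain (adbdfint.private), whose site is ADBDFINT-DATACENTER.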