|Applies To||RSA Product Set: NetWitness Logs and Network|
RSA Product/Service Type: NetWitness Logs and Network
RSA Version/Condition: 11.2
|Issue||Active Directory failing to connect to event sources after 11.2 upgrade.|
Once the 11.2 upgrade has been completed, it moved the contents of the /etc/resolv.conf to the /etc/netwitness/platform/ and the UI server (Node-Zero) started acting as a DNS proxy server. All other devices have the /etc/resolv.conf that now points to Node-Zero as the DNS Server.
|Cause||In version 11.2, we changed the architecture to create Node-Zero as a DNS Proxy server. Currently, the DNS proxy does not resolve short names.|
|Resolution||In order to resolve this issue, replace the /etc/resolv.conf with the correct information that can be found on node-zero in the /etc/netwitness/platform|
1. mv /etc/resolv.conf /etc/resolv.conf_old
2. cp /etc/netwitness/platform/resolv.conf.dnsmasq /etc/resolv.conf
3. Use the same /etc.resolv.conf for the other devices.
Note: Log collectors will need to have the collection services restarted if using short name lookup for WinRM.
|Workaround||Make sure that the /etc/resolv.conf is the same across all systems, the correct one is located on UI Server (Node-Zero) in the /etc/,/platform. Use this as the example to place the same information for all system.|