on Nov 12, 2018Article Content
| Article Number | 000036945 |
| Applies To | RSA Product Set: NetWitness Logs and Network RSA Product/Service Type: NetWitness Logs and Network RSA Version/Condition: 11.2 |
| Issue | Active Directory failing to connect to event sources after 11.2 upgrade. Once the 11.2 upgrade has been completed, it moved the contents of the /etc/resolv.conf to the /etc/netwitness/platform/ and the UI server (Node-Zero) started acting as a DNS proxy server. All other devices have the /etc/resolv.conf that now points to Node-Zero as the DNS Server. |
| Cause | In version 11.2, we changed the architecture to create Node-Zero as a DNS Proxy server. Currently, the DNS proxy does not resolve short names. |
| Resolution | In order to resolve this issue, replace the /etc/resolv.conf with the correct information that can be found on node-zero in the /etc/netwitness/platform 1. mv /etc/resolv.conf /etc/resolv.conf_old 2. cp /etc/netwitness/platform/resolv.conf.dnsmasq /etc/resolv.conf 3. Use the same /etc.resolv.conf for the other devices. Note: Log collectors will need to have the collection services restarted if using short name lookup for WinRM. |
| Workaround | Make sure that the /etc/resolv.conf is the same across all systems, the correct one is located on UI Server (Node-Zero) in the /etc/,/platform. Use this as the example to place the same information for all system. |