XGS+REDs - PCs on RED network shown as PRIVATE, not domain

Hi,

I had an issue in this scenario:

XGS with SFOS 19.0.1 MR-1-Build365 + 2 RED60, Server W2012R2. The REDs' operation mode is set to Standard/unified; the REDs are in a RED zone. Each RED has its own DHCP range (set in Network|DHCP, to be able to add static mappings); the DNS server for both is set to the IP of the DC server.

A firewall rule is set to allow traffic from LAN+VPN to LAN+VPN all services.

This is my problem:

At boot time the PCs on both REDs subnets get the correct IP address, report the correct DNS server, but network type is shown as private. However if then I unplug the network cable, wait a few seconds and plug it again, network is shown as domain.

If I shut down the PC and start it again a few minutes later (even 1 hour), the network is shown as domain.

This is strange, since I had a similar setup in another installation without this issue.

Any suggestions?

TIA,

Carlos



  • Sounds like a Windows problem to me. Essentially RED is offering a Layer 2 tunnel, so I do not recall any kind of implication of this kind of problem. Windows sometimes does weird stuff talking about interface mappings. Can you see anything in the Windows event logs?

  • Hi,

    I have a few events in the System log that could explain this issue; however, I think they are the result of the problem and not the cause.

    Additional info:

    1. I had this issue with every PC on both locations;
    2. I don't have this issue if the PC is connected at main office;
    3. My laptop has an internal network adapter, a wireless adapter, and I also use an HP USB Port Replicator with a network port - same issue with all the adapters (both REDs have additional wireless modules, and I also had AP320 on the main office and at both RED locations);
    4. Previous setup was an XG210 on the main office and 2 RED15 - never had this issue - there was no change on the PCs or on the network itself.

    Looking at the event log:

    16977 info from Directory-Services-SAM showing domain password definitions;
    50036,50103 info DHCPv4 started
    51043 info DHCPv6 started
    1014 warning name resolution exceeds limit time after none of the DNS servers had answered
    5719 error - detail domain is not available
    1129 error - failed to process group policy (this is expected since there was no connection to DC)
    8015 warning system could not register record resources to network adapter (message shows DC suffix and DNS server IP - they are correct)
    134 warning NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error 

    15 min later:
    137 info NtpClient succeeds in resolving manual peer dcsrv.domain.local after a previous failure.
    35 info The time service is now synchronizing the system time with the time source

    But network is still set as private.

    In this state I can access the local network, browse the internet, etc.

    nltest /sc_query and nslookup -type=soa both return successfully.

    1 hour after startup the network was still private - unplug the network cable, plug it again: event 1500 was registered (GPs were processed successfully) and network type is domain.

    For the last month we have lived with this (boot, wait 2/3 minutes, unplug the network, wait 30 sec, plug it again) but this is not practical - and I will have other locations where users definitely will not accept this as a solution...
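A small PowerShell check, added here as an illustration (not from Carlos's post and not a Sophos tool), that automates the diagnosis above on a domain-joined client: it reads the NLA network category, lists the event IDs quoted in the post since the last boot, verifies the secure channel and SOA lookup the post used, and, when the DC is reachable but the category is still Private, restarts the adapter as the scripted equivalent of the unplug/replug workaround. The adapter name and the domain name are assumptions; run it from an elevated prompt.

```powershell
# Added example, not part of the thread. Adapter name and domain are assumptions.
param(
    [string]$AdapterName = "Ethernet",      # assumed: adjust to the PC's adapter
    [string]$DomainName  = "domain.local"   # assumed: DC suffix as shown in the post
)

# 1. What NLA currently thinks the network is (Private / Public / DomainAuthenticated).
$profile = Get-NetConnectionProfile -InterfaceAlias $AdapterName
"Network category for '$AdapterName': $($profile.NetworkCategory)"

# 2. The System-log events quoted in the post, since the last boot, in time order.
#    1014 DNS timeout, 5719 domain unavailable, 1129/1500 GP failed/succeeded,
#    8015 DNS registration, 134/137/35 NtpClient and Time-Service.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$ids  = 1014, 5719, 1129, 8015, 134, 137, 35, 1500
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $ids; StartTime = $boot } `
    -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName |
    Format-Table -AutoSize

# 3. Is the DC reachable right now? Same checks as nltest /sc_query and nslookup -type=soa.
$secureChannel = Test-ComputerSecureChannel -ErrorAction SilentlyContinue
$soa = Resolve-DnsName -Name $DomainName -Type SOA -ErrorAction SilentlyContinue
"Secure channel OK: $secureChannel; SOA resolved: $([bool]$soa)"

# 4. DC reachable but NLA still says Private: force NLA to re-evaluate by bouncing the
#    adapter, which is what the manual unplug/replug in the post achieves.
if ($profile.NetworkCategory -ne 'DomainAuthenticated' -and $secureChannel -and $soa) {
    "DC reachable but category is $($profile.NetworkCategory); restarting '$AdapterName'"
    Restart-NetAdapter -Name $AdapterName -Confirm:$false
    Start-Sleep -Seconds 30
    $after = Get-NetConnectionProfile -InterfaceAlias $AdapterName
    "Network category after restart: $($after.NetworkCategory)"
}
```

If the category flips to DomainAuthenticated only after the restart, the event timeline in step 2 (1014/5719 before the first 137/35) supports the post's reading that NLA classified the link before the DC was reachable over the RED tunnel.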