cancel
Showing results for 
Search instead for 
Did you mean: 
RayP
Level 7

The following domain(s) can't be contacted.

Hi,

We're using the McAfee Web Gateway 7 (7.1.6.0 12742).

We see the following message in the Dashboard.

WebGateway1 07-Nov-2012 06:28:06 The following domain(s) can't be contacted: <domainname.org> (Origin: Authentication)

WebGateway2 07-Nov-2012 05:21:04 The following domain(s) can't be contacted: <domainname.org> (Origin: Authentication)

Where can i find more information about this alert.

Nothing can be found in {Troubleshooting} Log Files. Not even the alert itself.

Regards,
Ray

9 Replies
kent.dyer
Level 9

Re: The following domain(s) can't be contacted.

Same issue here 7.2.0 (13081).  Anybody?  Bueller?  Bueller?

0 Kudos
jont717
Level 12

Re: The following domain(s) can't be contacted.

We get these every once and a while too!  7.3

We have 5 domain controllers in the list so I never worried about it when it could not get to one.  If I only had one, I would start to look into the issue.

0 Kudos
McAfee Employee

Re: The following domain(s) can't be contacted.

Hi Ray,

What kind of logs were you looking in?

Are you talking about the Authentication debug log (ONLY ENABLE WITH MANAGMENT EVENTS!!!!)? You can find it under Configuration > Troubleshooting. Once enabled this will create logs under Troubleshooting > Log Files > Debug > mwg-core__Auth.debug.log

7.2.x has a number of enhancments regarding Windows Domain Membership, I dont know if they would be related to the issue you are seeing though. As JonT said he see's those messages without any issue occuring.

Best,

Jon

0 Kudos
RayP
Level 7

Re: The following domain(s) can't be contacted.

Hi Jon,

No, the messages are in the Dasboard (main window), and I can't find them in [Troubleshooting]- [LogFiles].

Should I enalbe the "log management events" ?

If i enable "log authentication events" I think i will be overwhelmed with messages.

Regards,

Ray

Message was edited by: RayP on 11/11/12 2:08:57 AM CST
0 Kudos
McAfee Employee

Re: The following domain(s) can't be contacted.

You can enable "log managment events" only if you would like to debug further. Dont enable the other options as it could fill your disk pretty fast (like log authentication events).

Best,

Jon

0 Kudos
RayP
Level 7

Re: The following domain(s) can't be contacted.

Hi Jon,

So there's nothing that shows me what happend that night? Even when it's in the Dashboard?

Debugging is real time.

The problem is that it is not always, but a few times a month.

Where can I find the logfiles of the posted messages in the Dashboard.

Regards,

Ray

0 Kudos
McAfee Employee

Re: The following domain(s) can't be contacted.

Hi Ray,

There would not be anything that showed you what happened that night.

You can turn logging for managment events for authentication and this will give you a lot more information on the event. This can be done safely and is actually on by default starting as of 7.2 (for fresh installs).

Best,

Jon

0 Kudos
al.johnson
Level 9

Re: The following domain(s) can't be contacted.

We ran into this a while back (on 7.2.0.1), took a bit to clear things up.  Essentially the AD team were rebooting their controllers.  If we had a MWG connected to it and get a user request, we would throw the error.  Not a problem now that we have configured all our domain controllers in each MWG device, as opposed to putting the DNS names that resolved to all AD DCs.

Logging Management events will put the messages in the Auth.debug.log.  If you need to see the authentication events, do it only for a specifi client IP!

You can identify the error by checking for Incident.Id=903 in your Error Handler Policy.  Then you can write your own error with details as needed.

0 Kudos
msiemens
Level 9

Re: The following domain(s) can't be contacted.

We're running 7.3.2.3.0. The Auth_debug log didn't tell me much more than the dashboard other than individual attempts/failures. I had to leave/join the domain to clear this up. When I re-joined, I added a DC for a total of 3.

Since it couldn't authenticate to the domain anyway, I didn't break anything that wasn't already broken. I would like to know why this happens.

0 Kudos