9 Replies Latest reply: Apr 10, 2014 5:37 PM by msiemens RSS

    The following domain(s) can't be contacted.

    RayP

      Hi,

       

      We're using the McAfee Web Gateway 7 (7.1.6.0 12742).

      We see the following message in the Dashboard.

       

      WebGateway1 07-Nov-2012 06:28:06 The following domain(s) can't be contacted: <domainname.org> (Origin: Authentication)

      WebGateway2 07-Nov-2012 05:21:04 The following domain(s) can't be contacted: <domainname.org> (Origin: Authentication)

       

      Where can i find more information about this alert.

      Nothing can be found in {Troubleshooting} Log Files. Not even the alert itself.

       

      Regards,
      Ray

        • 1. Re: The following domain(s) can't be contacted.
          kent.dyer

          Same issue here 7.2.0 (13081).  Anybody?  Bueller?  Bueller?

          • 2. Re: The following domain(s) can't be contacted.
            jont717

            We get these every once and a while too!  7.3

             

            We have 5 domain controllers in the list so I never worried about it when it could not get to one.  If I only had one, I would start to look into the issue.

            • 3. Re: The following domain(s) can't be contacted.
              Jon Scholten

              Hi Ray,

               

              What kind of logs were you looking in?

               

              Are you talking about the Authentication debug log (ONLY ENABLE WITH MANAGMENT EVENTS!!!!)? You can find it under Configuration > Troubleshooting. Once enabled this will create logs under Troubleshooting > Log Files > Debug > mwg-core__Auth.debug.log

               

              7.2.x has a number of enhancments regarding Windows Domain Membership, I dont know if they would be related to the issue you are seeing though. As JonT said he see's those messages without any issue occuring.

               

              Best,

              Jon

              • 4. Re: The following domain(s) can't be contacted.
                RayP

                Hi Jon,

                 

                No, the messages are in the Dasboard (main window), and I can't find them in [Troubleshooting]- [LogFiles].

                Should I enalbe the "log management events" ?

                 

                If i enable "log authentication events" I think i will be overwhelmed with messages.

                 

                Regards,

                Ray

                 

                Message was edited by: RayP on 11/11/12 2:08:57 AM CST
                • 5. Re: The following domain(s) can't be contacted.
                  Jon Scholten

                  You can enable "log managment events" only if you would like to debug further. Dont enable the other options as it could fill your disk pretty fast (like log authentication events).

                   

                  Best,

                  Jon

                  • 6. Re: The following domain(s) can't be contacted.
                    RayP

                    Hi Jon,

                     

                    So there's nothing that shows me what happend that night? Even when it's in the Dashboard?

                    Debugging is real time.

                     

                    The problem is that it is not always, but a few times a month.

                     

                    Where can I find the logfiles of the posted messages in the Dashboard.

                     

                    Regards,

                    Ray

                    • 7. Re: The following domain(s) can't be contacted.
                      Jon Scholten

                      Hi Ray,

                       

                      There would not be anything that showed you what happened that night.

                       

                      You can turn logging for managment events for authentication and this will give you a lot more information on the event. This can be done safely and is actually on by default starting as of 7.2 (for fresh installs).

                       

                      Best,

                      Jon

                      • 8. Re: The following domain(s) can't be contacted.
                        al.johnson

                        We ran into this a while back (on 7.2.0.1), took a bit to clear things up.  Essentially the AD team were rebooting their controllers.  If we had a MWG connected to it and get a user request, we would throw the error.  Not a problem now that we have configured all our domain controllers in each MWG device, as opposed to putting the DNS names that resolved to all AD DCs.

                         

                        Logging Management events will put the messages in the Auth.debug.log.  If you need to see the authentication events, do it only for a specifi client IP!

                         

                        You can identify the error by checking for Incident.Id=903 in your Error Handler Policy.  Then you can write your own error with details as needed.

                        • 9. Re: The following domain(s) can't be contacted.
                          msiemens

                          We're running 7.3.2.3.0. The Auth_debug log didn't tell me much more than the dashboard other than individual attempts/failures. I had to leave/join the domain to clear this up. When I re-joined, I added a DC for a total of 3.

                           

                          Since it couldn't authenticate to the domain anyway, I didn't break anything that wasn't already broken. I would like to know why this happens.