I posted this in the HIP discussion board but didn't get any response. This discussion board is more active so I thought I'd try here as well. I'm hoping someone has run into this issue and has some advice.
HIPS all of a sudden is blocking the DNS server service from running on our Windows 2008 R2 servers. It won't start unless we turn off HIPS Host IPS, Network IPS, and the Firewall. Once the DNS service is started, we can re-enable IPS and the Firewall.
Even in Adaptive mode, DNS won't start. Yet the Activity Log tab shows nothing blocked and all traffic is logged.
I added DNS.exe to the Trusted Applications list but that didn't resolve it. Adaptive Mode shows other applications that I may need to add to the Trusted Applications list. But I don't want to add any unnecessary applications.
Even after we get DNS running and turn HIPS back on, we see the same error every 3 minutes: Event ID 4015: "The DNS Server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error." If I turn off HIPS, the error goes away.
Any recommendations on how to resolve this...or what did you have to do in your environment to get DNS running?