VA stopped resolving IQS and DC names

Hi! I have a sandbox tenant that has been working for more than a year. It has an operational AD source, with 1 IQS and 2 DCs (one DC holds the primary DNS, and the other Windows server holds the secondary DNS).

A few days ago, the connector stopped. Digging a bit, I found the following:
- IQS reaches both DC servers at 389 and 636
- IQS resolves the DC server names correctly with ping
- VA reaches IQS at 5050 and 5051, and the DC servers at 389 and 636 by IP address
- VA does reach any machine by its name (simple or fully qualified)
*** The above tests were performed with tb / netcat

At this point, I thought that it could be a DNS problem, but
- nslookup of the IQS and both DCs resolves to the correct IP
- dig of the IQS and both DCs shows the correct IP for the A record

So, it seems that all ports are open and server names are resolving correctly, except when using netcat or trying with the connector.

Finally, I rebooted the VA and all tests ended as above.

Can the nslookup or dig results be cached? I am running out of ideas to troubleshoot…

I think nslookup uses the cache of the server; you can try to use ipconfig /flushdns for Windows and sync; echo 1 > /proc/sys/vm/drop_caches for Linux.

It could be a DNS problem and some things are stored in cache, so when you try to do something real, it fails.

Hi @enistri_devo! Thanks for your response. Sync does not work in the VA; I tried, but it is not in the sudoers commands, and the sailpoint user has no permission.

Also, I did run ipconfig /flushdns on the IQS, and ping is still resolving the DCs' FQDN names.
