Domain error codes

1. No Domain Configuration available
2. The Servers are not operational
3. Unable to get domain DNS / FLAT name
4. What does "Last Event Read Time" in ADAudit Plus mean?
5. How to configure remote servers in ADAudit Plus
6. To verify if the desired audit policies and security log settings are configured
7. To verify if the desired events are getting logged

1. No Domain Configuration available

Cause:

Post installation, ADAudit Plus automatically discovers the local domain from the DNS server configured on the machine running ADAudit Plus. This error occurs when no domain details are found on the DNS server.

Solution:

Ensure that your domain is listed under Domain Settings in ADAudit Plus.

• Login to your ADAudit Plus web console.
• Click Domain Settings on the top right corner and check if your domain is added under Configured Domain(s).
• If your domain is not added, follow this Active Directory domain configuration guide to add your domain manually.

2. The Servers are not operational

Cause:

Post installation, ADAudit Plus automatically discovers the domain controllers (DC) in the local domain. This error occurs when the domain controllers in the domain are unreachable.

Solution:

Check if the LDAP port (port no. 389) and RPC ports (static port no.135 and dynamic port no. 49152- 65535) are open to ensure that ADAudit Plus is able to contact the domain controllers in the domain.

• Follow this port guide to open the LDAP and RPC ports required to sync Active Directory objects with ADAudit Plus.

Troubleshooting:

Ping all the DCs added in ADAudit Plus.

• Login to you ADAudit Plus web console.
• Click Domain Settings on the top right corner and select your domain under Configured Domain(s) to find the available domain controllers.
• Open Command Prompt on the ADAudit Plus server and ping the domain controllers listed under Domain Settings in ADAudit Plus console by name to check if they are accessible.

3. Unable to get domain DNS / FLAT name

Cause:

While adding a domain, this error occurs when ADAudit Plus in unable to reach the domain.

Solution:

Ping the discovered domain controllers by name from the ADAudit Plus server and try to connect to the Syslog folder to ensure that domain controllers in the domain are accessible.

4. What does "Last Event Read Time" in ADAudit Plus mean?

The "Last Event Read Time" in ADAudit Plus is the last time that ADAudit Plus has contacted the security log of the event viewer and fetched newly logged audit data. The Last Event Read Time changes only if there is fresh and relevant data complying to the audit policy available in the security logs of corresponding computers.

5. How to configure remote servers in ADAudit Plus

Domains that do not have trust with domains configured in ADAudit Plus are considered as remote domains and the servers in those domains are remote servers. You can audit remote servers by following the steps below:

• Check if you're able to ping the remote server from the ADAudit Plus server. If the ping is successful, you can audit the remote server without any issues.
• If the ping is unsuccessful, add a DNS entry by following the steps below:
  • Go to the Ethernet or Wi-Fi settings in the ADAudit Plus server (Windows Start > Control Panel > Network and Internet > Network Connections).
  • Right-click and select Properties.
  • Click Internet Protocol Version 4 (TCP/IPv4) to enable the Properties option, and select and continue to the Advanced... option.
  • In the DNS tab, add the remote domain's DNS server IP address. Then, select the Append these DNS suffixes (in order) option. Click Add to enter the Domain Suffix of the remote server. Click OK to save the setting.

For further queries, reach out to us via support@adauditplus.com.

6. To verify if the desired audit policies and security log settings are configured:

Log in to any computer that has the Group Policy Management Console (GPMC), with Domain Admin credentials → Open GPMC → Right click on Group Policy Results → Group Policy Results Wizard → Select the computer, user (current user) → Verify if the desired settings are configured.

7. To verify if the desired events are getting logged:

Log in to any computer with Domain Admin credentials → Open Run → Type eventvwr.msc → Right click on Event Viewer → Connect to the target computer → Verify if events corresponding to the audit policies configured are getting logged.

For example: Kerberos Authentication Service Success advanced audit policy configuration should result in event ID 4768 getting logged.