CA Client Automation

Hi All,
the customer has integrated his DM with 2 active directories called "PROD" and "NOPROD". These 2 AD are not trusted between them.
The dns domains are also different: ".prod.local" for AD "PROD" and ".noprod.local" for AD "NOPROD".
So for the PROD domain the FQDN of the computers is COMPUTER.prod.local, while for the computers of the NOPROD domain it is COMPUTER.noprod.local. The DM is in the AD "PROD" and its FQDN is ITCA-DM.prod.local.

He executes the deploy wizard on the OU computers of the PROD domain, the same as the DM, with success.

The problem arises when using the deployment wizard to install the Agent on the computers located in the OUs of the "NOPROD".
In fact, when the deployment wizard runs on the OU computers of the domain: "NOPROD", the result of the SCAN returns the "Unknown" status for all computers.
The dmdeploy extracts the computer names from the OU list and tries to contact them using the computer name without success.
Now the question is whether it is possible to configure the DM so that the SCAN function uses the FQDN instead of the computer name.

Thanks in advance
Alessandro

Hi Alessandro,

If DNS is configured correctly on the DM then you should be able to ping computers in both AD's by hostname. 

In this example the two computers are in different domains, one being the same as the DM.


What do you see for ping and nslookup for both computers?

Rgds,
Steve



------------------------------
Senior Principal Engineering Solutions Architect
Broadcom
------------------------------

Original Message:
Sent: May 02, 2022 12:07 PM
From: Alessandro Capuzzo
Subject: Infrastructure Deploy to OU on severals AD

Hi All,
the customer has integrated his DM with 2 active directories called "PROD" and "NOPROD". These 2 AD are not trusted between them.
The dns domains are also different: ".prod.local" for AD "PROD" and ".noprod.local" for AD "NOPROD".
So for the PROD domain the FQDN of the computers is COMPUTER.prod.local, while for the computers of the NOPROD domain it is COMPUTER.noprod.local. The DM is in the AD "PROD" and its FQDN is ITCA-DM.prod.local.

He executes the deploy wizard on the OU computers of the PROD domain, the same as the DM, with success.

The problem arises when using the deployment wizard to install the Agent on the computers located in the OUs of the "NOPROD".
In fact, when the deployment wizard runs on the OU computers of the domain: "NOPROD", the result of the SCAN returns the "Unknown" status for all computers.
The dmdeploy extracts the computer names from the OU list and tries to contact them using the computer name without success.
Now the question is whether it is possible to configure the DM so that the SCAN function uses the FQDN instead of the computer name.

Thanks in advance
Alessandro

Hi Steve,

thanks for you reply.
I collect ping and nsllokup from 1 computer on the prod.local domain, the same of the DM, and from 1 computer on the noprod.local domain.

This is a computer from domain "prod.local"
C:\>ping wksprod-13

Pinging wksprod-13.prod.local [192.168.12.62] with 32 bytes of data:
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.12.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wksprod-13
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wksprod-13.prod.local
Address: 192.168.12.62


C:\>ping wksprod-13.prod.local

Pinging wksprod-13.prod.local [192.168.12.62] with 32 bytes of data:
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.12.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wksprod-13.prod.local
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wksprod-13.prod.local
Address: 192.168.12.62


This is a computer from domain "noprod.local"
C:\>ping wkscons-02
Ping request could not find host wkscons-02. Please check the name and try again.

C:\>nslookup wkscons-02
Server: DOMAIN01.prod.local
Address: 192.168.11.10

*** DOMAIN01.prod.local can't find wkscons-02: Non-existent domain

C:\>ping wkscons-02.noprod.local

Pinging wkscons-02.noprod.local [192.168.10.200] with 32 bytes of data:
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wkscons-02.noprod.local
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wkscons-02.noprod.local
Address: 192.168.10.200


As you can see, for noprod computer ping and nslookup using computername is not found while it is found if using FQDN.

Thanks and regards,
Alessandro


Original Message:
Sent: May 03, 2022 07:00 AM
From: Steve Parker
Subject: Infrastructure Deploy to OU on severals AD

Hi Alessandro,

If DNS is configured correctly on the DM then you should be able to ping computers in both AD's by hostname.

In this example the two computers are in different domains, one being the same as the DM.


What do you see for ping and nslookup for both computers?

Rgds,
Steve



------------------------------
Senior Principal Engineering Solutions Architect
Broadcom

Original Message:
Sent: May 02, 2022 12:07 PM
From: Alessandro Capuzzo
Subject: Infrastructure Deploy to OU on severals AD

Hi All,
the customer has integrated his DM with 2 active directories called "PROD" and "NOPROD". These 2 AD are not trusted between them.
The dns domains are also different: ".prod.local" for AD "PROD" and ".noprod.local" for AD "NOPROD".
So for the PROD domain the FQDN of the computers is COMPUTER.prod.local, while for the computers of the NOPROD domain it is COMPUTER.noprod.local. The DM is in the AD "PROD" and its FQDN is ITCA-DM.prod.local.

He executes the deploy wizard on the OU computers of the PROD domain, the same as the DM, with success.

The problem arises when using the deployment wizard to install the Agent on the computers located in the OUs of the "NOPROD".
In fact, when the deployment wizard runs on the OU computers of the domain: "NOPROD", the result of the SCAN returns the "Unknown" status for all computers.
The dmdeploy extracts the computer names from the OU list and tries to contact them using the computer name without success.
Now the question is whether it is possible to configure the DM so that the SCAN function uses the FQDN instead of the computer name.

Thanks in advance
Alessandro

Hi Alessandro,

Try adding the "noprod.local" to the DNS suffix section of the Advanced TCP/IP settings on the DM


Rgds,
Steve.

------------------------------
Senior Principal Engineering Solutions Architect
Broadcom
------------------------------

Original Message:
Sent: May 04, 2022 05:37 AM
From: Alessandro Capuzzo
Subject: Infrastructure Deploy to OU on severals AD

Hi Steve,

thanks for you reply.
I collect ping and nsllokup from 1 computer on the prod.local domain, the same of the DM, and from 1 computer on the noprod.local domain.

This is a computer from domain "prod.local"
C:\>ping wksprod-13

Pinging wksprod-13.prod.local [192.168.12.62] with 32 bytes of data:
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.12.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wksprod-13
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wksprod-13.prod.local
Address: 192.168.12.62


C:\>ping wksprod-13.prod.local

Pinging wksprod-13.prod.local [192.168.12.62] with 32 bytes of data:
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.12.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wksprod-13.prod.local
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wksprod-13.prod.local
Address: 192.168.12.62


This is a computer from domain "noprod.local"
C:\>ping wkscons-02
Ping request could not find host wkscons-02. Please check the name and try again.

C:\>nslookup wkscons-02
Server: DOMAIN01.prod.local
Address: 192.168.11.10

*** DOMAIN01.prod.local can't find wkscons-02: Non-existent domain

C:\>ping wkscons-02.noprod.local

Pinging wkscons-02.noprod.local [192.168.10.200] with 32 bytes of data:
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wkscons-02.noprod.local
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wkscons-02.noprod.local
Address: 192.168.10.200


As you can see, for noprod computer ping and nslookup using computername is not found while it is found if using FQDN.

Thanks and regards,
Alessandro


Original Message:
Sent: May 03, 2022 07:00 AM
From: Steve Parker
Subject: Infrastructure Deploy to OU on severals AD

Hi Alessandro,

If DNS is configured correctly on the DM then you should be able to ping computers in both AD's by hostname.

In this example the two computers are in different domains, one being the same as the DM.


What do you see for ping and nslookup for both computers?

Rgds,
Steve



------------------------------
Senior Principal Engineering Solutions Architect
Broadcom

Original Message:
Sent: May 02, 2022 12:07 PM
From: Alessandro Capuzzo
Subject: Infrastructure Deploy to OU on severals AD

Hi All,
the customer has integrated his DM with 2 active directories called "PROD" and "NOPROD". These 2 AD are not trusted between them.
The dns domains are also different: ".prod.local" for AD "PROD" and ".noprod.local" for AD "NOPROD".
So for the PROD domain the FQDN of the computers is COMPUTER.prod.local, while for the computers of the NOPROD domain it is COMPUTER.noprod.local. The DM is in the AD "PROD" and its FQDN is ITCA-DM.prod.local.

He executes the deploy wizard on the OU computers of the PROD domain, the same as the DM, with success.

The problem arises when using the deployment wizard to install the Agent on the computers located in the OUs of the "NOPROD".
In fact, when the deployment wizard runs on the OU computers of the domain: "NOPROD", the result of the SCAN returns the "Unknown" status for all computers.
The dmdeploy extracts the computer names from the OU list and tries to contact them using the computer name without success.
Now the question is whether it is possible to configure the DM so that the SCAN function uses the FQDN instead of the computer name.

Thanks in advance
Alessandro

Hi Steve,

thanks for you reply, adding suffixes the scan resolves the computernames.

Alessandro


Original Message:
Sent: May 04, 2022 06:44 AM
From: Steve Parker
Subject: Infrastructure Deploy to OU on severals AD

Hi Alessandro,

Try adding the "noprod.local" to the DNS suffix section of the Advanced TCP/IP settings on the DM


Rgds,
Steve.

------------------------------
Senior Principal Engineering Solutions Architect
Broadcom

Original Message:
Sent: May 04, 2022 05:37 AM
From: Alessandro Capuzzo
Subject: Infrastructure Deploy to OU on severals AD

Hi Steve,

thanks for you reply.
I collect ping and nsllokup from 1 computer on the prod.local domain, the same of the DM, and from 1 computer on the noprod.local domain.

This is a computer from domain "prod.local"
C:\>ping wksprod-13

Pinging wksprod-13.prod.local [192.168.12.62] with 32 bytes of data:
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.12.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wksprod-13
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wksprod-13.prod.local
Address: 192.168.12.62


C:\>ping wksprod-13.prod.local

Pinging wksprod-13.prod.local [192.168.12.62] with 32 bytes of data:
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127
Reply from 192.168.12.62: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.12.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wksprod-13.prod.local
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wksprod-13.prod.local
Address: 192.168.12.62


This is a computer from domain "noprod.local"
C:\>ping wkscons-02
Ping request could not find host wkscons-02. Please check the name and try again.

C:\>nslookup wkscons-02
Server: DOMAIN01.prod.local
Address: 192.168.11.10

*** DOMAIN01.prod.local can't find wkscons-02: Non-existent domain

C:\>ping wkscons-02.noprod.local

Pinging wkscons-02.noprod.local [192.168.10.200] with 32 bytes of data:
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127
Reply from 192.168.10.200: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup wkscons-02.noprod.local
Server: DOMAIN01.prod.local
Address: 192.168.11.10

Name: wkscons-02.noprod.local
Address: 192.168.10.200


As you can see, for noprod computer ping and nslookup using computername is not found while it is found if using FQDN.

Thanks and regards,
Alessandro


Original Message:
Sent: May 03, 2022 07:00 AM
From: Steve Parker
Subject: Infrastructure Deploy to OU on severals AD

Hi Alessandro,

If DNS is configured correctly on the DM then you should be able to ping computers in both AD's by hostname.

In this example the two computers are in different domains, one being the same as the DM.


What do you see for ping and nslookup for both computers?

Rgds,
Steve



------------------------------
Senior Principal Engineering Solutions Architect
Broadcom

Original Message:
Sent: May 02, 2022 12:07 PM
From: Alessandro Capuzzo
Subject: Infrastructure Deploy to OU on severals AD

Hi All,
the customer has integrated his DM with 2 active directories called "PROD" and "NOPROD". These 2 AD are not trusted between them.
The dns domains are also different: ".prod.local" for AD "PROD" and ".noprod.local" for AD "NOPROD".
So for the PROD domain the FQDN of the computers is COMPUTER.prod.local, while for the computers of the NOPROD domain it is COMPUTER.noprod.local. The DM is in the AD "PROD" and its FQDN is ITCA-DM.prod.local.

He executes the deploy wizard on the OU computers of the PROD domain, the same as the DM, with success.

The problem arises when using the deployment wizard to install the Agent on the computers located in the OUs of the "NOPROD".
In fact, when the deployment wizard runs on the OU computers of the domain: "NOPROD", the result of the SCAN returns the "Unknown" status for all computers.
The dmdeploy extracts the computer names from the OU list and tries to contact them using the computer name without success.
Now the question is whether it is possible to configure the DM so that the SCAN function uses the FQDN instead of the computer name.

Thanks in advance
Alessandro