browse
Overview
This article is intended to be a definitive list of the messages you may see displayed on Umbrella's Sites and Active Directory page (Settings > Sites and AD). These are informational messages, warnings and errors originating from Virtual Appliances (VAs), Connectors, and the Domain Controllers.
Virtual Appliances
Virtual Appliances Syncing
Resolution: Syncing can take up to 10 minutes. Ensure you have met the network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: If the VA has been deleted, remove it from the Umbrella dashboard: https://support.umbrella.com/hc/en-us/articles/230562387
Next, confirm network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, open a Support case:https://support.umbrella.com/hc/en-us/requests/new
Connector Connections
-
[Information] This VA was previously connected to one or more Connectors, but is now connected to none
Resolution: Were any Connectors removed? If so, this message can be ignored and the Connector should be removed from the dashboard.
Next, confirm network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
- [Warning] This Virtual Appliance is connected to some, but not all, of the Connectors for this site.
Resolution: Were any Connectors removed? If so, this message can be ignored and the Connector should be removed from the dashboard. Confirm prerequisites: https://docs.umbrella.com/deployment-umbrella/docs/2-prerequisites-1
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468, then open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: The Virtual Appliance supports DNSCrypt between itself and Umbrella's public DNS resolvers. This means any information contained in the DNS packets forwarded from the VA are encrypted by DNSCrypt and cannot be intercepted. This feature is enabled by default for best protection.
Unencrypted traffic is considered a problem that should be resolved. When encryption cannot be established between your VA and Umbrella, this warning will occur. Encryption is established with a probe sent on port 53 (UDP/TCP) and if you have a firewall or IPS/IDS doing deep packet inspection and expecting to see only DNS traffic, the probe may fail. In other words, the encrypted packets may not match the expected traffic on that port. Please review your firewall configuration if that is the case and open a case with Support if you believe that you are allowing this traffic.
Have an ASA and are getting this message? View this document on packet inspection for more information.
DNSCrypt is only available in Virtual Appliances at 1.5.x or higher. If you only have a single VA, and that VA hasn't been upgraded, this message will also appear. For information on upgrading your VA, please read: https://docs.umbrella.com/product/umbrella/upgrading-your-virtual-appliances/
Further details on this can be found at https://support.umbrella.com/hc/en-us/articles/232053127
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468, then open a Support case: https://support.umbrella.com/tickets/newhttps://support.umbrella.com/hc/en-us/requests/new
Local Domain Config
Resolution: Ensure you have configured local domains: https://docs.umbrella.com/umbrella-user-guide/docs/local-dns-forwarding
High Availability and Redundancy
Resolution: Install a second VA at this time for the reasons listed here: https://support.umbrella.com/hc/en-us/articles/230562287-The-importance-of-running-2-Umbrella-Virtual-Appliances
Query Failure Rate
Resolution: Open a Support case: https://support.umbrella.com/hc/en-us/requests/new
AD Connectors
Connectors – Syncing
Resolution: Syncing can take up to 10 minutes. Ensure you have met the network requirements: https://docs.umbrella.com/umbrella-user-guide/docs/prerequisites-3
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: Ensure you have met the network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
Cisco has announced EOL of TLS 1.0/1.1. If your connector is running on an unsupported Windows version (Windows Server 2008 or 2008 R2 or Windows 7), these platforms do not support TLS 1.2 by default, and so you will need to reinstall the connector on a supported server version (Windows Server 2012 or higher). If your connector is deployed on WS 2012 or above and has stopped syncing to Umbrella, ensure that the connector is running version 1.6.31 or higher.
Connectors version 1.6.31 or higher will function on WS 2008/2008 R2, provided the system is running .NET 4.5.2 or higher. However it is recommended to redeploy the connector on a supported server version.
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Connectors – Connections Possible
Resolution: Sites must contain a minimum of one of each of the three component types. Please review the following setup documentation and ensure you have met all requirements: https://docs.umbrella.com/umbrella-user-guide/docs/prerequisites-3 and https://support.umbrella.com/hc/en-us/articles/230672187-Active-Directory-Integration-Step-2-Prepare-your-Active-Directory-Environment
Connectors – DC Connections
Resolution: Sites must contain a minimum of one of each of the three component types. Please review the following setup documentation and ensure you have met all requirements: https://docs.umbrella.com/umbrella-user-guide/docs/prepare-active-directory-environment
- [Information] There are one or more DCs that the Connector could connect to, but it has not connected to any yet.
Resolution: Syncing can take up to 10 minutes. Ensure you have met the prerequisites: https://docs.umbrella.com/umbrella-user-guide/docs/prerequisites-3
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: Confirm prerequisites: https://docs.umbrella.com/umbrella-user-guide/docs/prerequisites-3
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
- [Error] The Connector was once connected, but is not currently connected to any of the DCs available.
Resolution: Confirm prerequisites: https://docs.umbrella.com/umbrella-user-guide/docs/prerequisites-3
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Connectors – VA Connections
- [Information] There are one or more VAs that the Connector could connect to, but it has not connected to any yet.
Resolution: Make sure that any VAs that were previously deployed, but are now not being used are removed from the dashboard. Syncing can take up to 10 minutes after these VAs are removed.
Syncing can take up to 10 minutes. Ensure you have met network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: If the Virtual Appliance is not on the same Local Area Network (LAN) as this Connector, considering segregating your deployment using Umbrella sites https://docs.umbrella.com/umbrella-user-guide/docs/appendix-b-multiple-active-directory-and-umbrella-sites
Make sure that any VAs that were previously deployed, but are now not being used are removed from the dashboard. Syncing can take up to 10 minutes after these VAs are removed.
Ensure you have met network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: Make sure that any VAs that were previously deployed, but are now not being used are removed from the dashboard. Syncing can take up to 10 minutes after these VAs are removed.
Ensure you have met network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
- [Error] The Connector was once connected but is not currently connected to any of the VAs available.
Resolution: Make sure that any VAs that were previously deployed, but are now not being used are removed from the dashboard. Syncing can take up to 10 minutes after these VAs are removed.
Ensure you have met network requirements: https://support.umbrella.com/hc/en-us/articles/230902508
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
- [Information] The Connector is not syncing events in parallel to VAs. Events processing can be slower than expected.
Resolution: The Umbrella Connector service is tested to support 10 assets (Domain Controllers and Virtual Appliances) per CPU.
Upgrade the server with required number of CPUs based on the number of Domain Controllers and Virtual Appliances in the Umbrella Site.
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: The Umbrella Connector service is tested to support a continuous ~850 (no hard limit) events per second across all Domain Controllers in an Umbrella Site. If the overall rate is higher, it is more likely to see drops. Increasing number of cores in a Connector box may help.
It is also possible to enable load-balancing functionality. This utilizes two or more connectors to share the load of multiple domain controllers. This is an advanced feature which must be enabled with Umbrella support by opening a Support case: https://support.umbrella.com/hc/en-us/requests/new
Domain Controllers
DC – Connector Connections
Resolution: If Connector has been removed, either redeploy Connector or remove Domain Controller. Next, confirm network requirements: https://support.umbrella.com/hc/en-us/articles/230902508.
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
Resolution: In order for the DC to send information about login events to a Virtual Appliance, it must have a Connector installed in the same site.
If you have not yet installed the Connector, read here for more information on installing the Connector: https://docs.umbrella.com/umbrella-user-guide/docs/2-connect-active-directory-to-umbrella#section-install-the-connector
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
- [Error] This Domain Controller has no Connectors to connect to. In order for the DC to send information about login events to a Virtual Appliance, it must have a Connector.
Resolution: In order for the DC to send information about login events to a Virtual Appliance, it must have a Connector installed in the same site.
If you have not yet installed the Connector, read here for more information on installing the Connector: https://docs.umbrella.com/umbrella-user-guide/docs/2-connect-active-directory-to-umbrella#section-install-the-connector. If you are reinstalling the Connector or moving it from one machine to another, this message can be ignored.
Resolution: Please check permissions based on these articles: https://support.umbrella.com/hc/en-us/articles/230902488-Required-permissions-for-the-OpenDNS-Connector-user.
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new
- [Error] WMI state of this Domain Controller is down. The Domain Controller is not responding to the WMI connection from the Connector. This could be a temporary problem due to the load on the Domain Controller.
Resolution: Check if the WMI connection can be established using WBEMTest tool. Try to reduce the load on the DC by stopping other unused applications monitoring the security events.
The connector is not trying to connect to this Domain Controller to avoid high resource utilization. So the Connector service needs to be restarted to initiate a fresh WMI connection once the DC load is reduced.
If the problem persists, first collect logs: https://support.umbrella.com/hc/en-us/articles/230902468; then, open a Support case: https://support.umbrella.com/hc/en-us/requests/new