DC Agent is not receiving domain controller information
DC Agent can misidentify users if it is unable to get data from domain controllers, resulting in incorrect filtering behavior. This can happen if:
- DC Agent is not detecting all domain controllers in the network.
To see which domains and domain controllers DC Agent has identified, in the Forcepoint Security Manager, click View Domain List (under DC Agent Domains and Controllers). This lists all domains currently being polled by all DC Agent instances in your network. The instances polling each domain are listed in the DC Agent Instances column.
If one or more domains is missing from the list, or if an instance is not polling the correct domains, see Configure which domain controllers DC Agent polls.
- DC Agent may not be able to identify the domain controllers in a particular domain.
Use the Windows Event Viewer to check for the following error:
ERROR_NO_BROWSER_SERVERS_FOUND - 6118
If your network includes multiple subnets, DC Agent may have problems communicating with Master Browser or domain controller machines in other subnets. As a best practice, install a separate DC Agent in each subnet to avoid problems gathering logon information from domain controllers.
- DC Agent and User Service may be configured to use an anonymous account. To change the account used to run DC Agent or User Service, see Updating DC Agent permissions.
- DC Agent may not be able to contact a remote domain controller that has been shut down or restarted. See DC Agent: ERROR_BAD_NETPATH - 53.
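The checks in the list above can be gathered in one pass on the DC Agent machine. The following PowerShell is an added example, not part of the Forcepoint documentation. It assumes the errors are written to the Application or System log and that the service display names contain "DC Agent" or "User Service"; adjust both to match your installation.

```powershell
# Added example: read-only checks to run on the DC Agent machine.
# Assumptions (not from the page): the errors are written to the Application
# or System log, and the service display names contain "DC Agent" or
# "User Service".
$since = (Get-Date).AddDays(-7)

# 1. Domain controllers that Active Directory reports for this machine's
#    domain, for comparison with the View Domain List in the Security Manager.
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $domain.DomainControllers |
        Select-Object Name, SiteName, IPAddress |
        Format-Table -AutoSize
} catch {
    Write-Warning "Could not enumerate domain controllers: $($_.Exception.Message)"
}

# 2. Recent events that mention the two errors named on this page.
$pattern = 'ERROR_NO_BROWSER_SERVERS_FOUND|\b6118\b|ERROR_BAD_NETPATH'
foreach ($log in 'Application', 'System') {
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object TimeCreated, LogName, ProviderName, Id, Message |
        Format-List
}

# 3. Account each matching service runs as (StartName), to confirm it is the
#    intended account rather than an anonymous one.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -match 'DC Agent|User Service' } |
    Select-Object DisplayName, State, StartName |
    Format-Table -AutoSize
```

A domain controller that appears in step 1 but not in the View Domain List is a candidate for the polling configuration described in Configure which domain controllers DC Agent polls.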