Which REMOTE from Domain Controller is taking long time to populate domain information

03/26/2020 1467 12746

DESCRIPTION:

If the WXA unit that is REMOTE from Domain Controller (at the opposite location of the DC) Fails to join the domain, or is taking a long time to populate domain information, keeps spinning, times out or gives error.

RESOLUTION:

Example of an error that may be seen when Joining the domain finally fails (not always applicable):

Step 1:  Check the (static) DHCP lease under network > DHCP servers for the WXA appliance, and make certain it is set to resolve only to internal DNS servers.  This often resolves the issue.

Step 2:  Check that the WFS Acceleration > Configuration tab resolves to NAT traffic to the X0 IP or the LAN Primary IP of the SonicWall (Unless you have deliberately removed the NAT, such as in the case of adding the WXA subnet to a VPN tunnel, in which case the WXA Device would be selected). 

Step 3.  Check Firewall access rules to make certain that the WXA IP is allowed to the other side of the VPN tunnel if using VPN, (In the Firewall > Access rules matrix under  LAN > VPN, or CustomZone > VPN, on the firewall where the remote WXA is located), or else from the WXA device's zone to the zone where the remote network is located if using MPLS or a physical route.  This will be completely dependent on the zone the WXA device is located in, and whether using a VPN or a route to a zone behind a physical interface. 

Step 4.  Run a packet capture for Netbios and DNS traffic, verify that the traffic is being sent to the DC from the proper IP address (again, typically LAN IP of the SonicWall after NAT), and that the DC is responding from the proper IP address.  Make certain this is not being dropped for failure to get through the VPN tunnel.  If it is flowing properly, check that the data in the capture shows the correct response.