Hi, I've tried to tunnel Windows Active Directory but haven't been successful yet.
I've kind of followed this approach here but it looks like the SRV records can't be resolved as soon as I activate the service.
PS C:\Users\p.gross> Resolve-DnsName -Type SRV _ldap._tcp.dc._msdcs.ad.xyz.de
Resolve-DnsName : _ldap._tcp.dc._msdcs.ad.xyz.de : DNS-Server Error
In Zeile:1 Zeichen:1
+ Resolve-DnsName -Type SRV _ldap._tcp.dc._msdcs.ad.xyz.de
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (_ldap._tcp.dc._msdcs.ad.xyz.de:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName
A normal A record can be resolved:
PS C:\Users\p.gross> Resolve-DnsName ad.xyz.de
Name Type TTL Section IPAddress
---- ---- --- ------- ---------
ad.xyz.de A 60 Answer 100.64.0.5
I'm using the current release, ZDEW 2.4.0, which, if I understand this correctly, should work.
The service seems to be set up correctly. It is supposed to be offloading on a private edge router (ad-ztna02).
root@ad-ztna01:~# ziti edge policy-advisor services ad-client.svc -q
OKAY : ad-ztna02 (1) -> ad-client.svc (2) Common Routers: (1/1) Dial: N Bind: Y
OKAY : p.gross (3) -> ad-client.svc (2) Common Routers: (2/2) Dial: Y Bind: N
I'm getting the following logs:
[2024-08-06T06:15:16.370Z] ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: connection is closed
[2024-08-06T06:15:20.849Z] ERROR ziti-sdk:connect.c:963 connect_reply_cb() conn[0.20/I0tLp1x-/Connecting] failed to connect, reason=can't route from pHbNlOUrfj -> PvWaLOwrfj
[2024-08-06T06:15:20.849Z] ERROR tunnel-cbs:ziti_dns.c:631 on_proxy_connect() failed to establish proxy resolve connection for domain[*.ad.ardorisai.de]
[2024-08-06T06:15:20.849Z] WARN tunnel-cbs:ziti_dns.c:679 on_proxy_write() proxy resolve write failed: connection is closed/-24
Edit: pHbNlOUrfj is ad-ztna01 --> PvWaLOwrfj is ad-ztna02
Your help is highly appreciated!