Nikolay Ermakov

I got resolved the issue. WEM is using port 389 UDP to communicate over CLDAP protocol with root domain DCs. Without 389 UDP open whole forest will be blacklisted as dead. 389 UDP was filtered in my environment. 389 TChas not been filtered therefore it seemed like everything worked but WEM.

WEM is using port 389 TCP and UDP to communicate over CLDAP protocol with root domain DCs. Without 389 UDP open whole forest will be blacklisted as dead.

Hello everyone, I see an issue in my environment where I have one forest with on child domain. WEM Infrastructure server is in the child domain and has full access to child domain controllers in terms of open ports (389, 445, 3286) When the infrastructure service starts it logs the following: 9:56:17 Event -> ActiveDirectoryDynamicBlacklist.AddToDynamicBlacklist() : Add forest into dynamic blacklist, forest name is rppl.local, utc time is 11.04.2024 6:56:17 9:56:17 Warning -> ActiveDirectoryService.() : AD: Warning is: A local error has occurred. Forest rppl.local is dead currently, please remove it from environment.If you don't use this forest, you can also ignore this warning. It also can't add a computer object from child domain using Web Console 9:56:17 Event -> AgentBrokerService.() : Search for domain S-1-5-21-1657612985-771126180-1233803906, start time is 11.04.2024 9:56:17 9:56:17 Event -> AgentBrokerService.() : Search for domain S-1-5-21-1657612985-771126180-1233803906, finish time is 11.04.2024 9:56:17 9:56:17 Event -> AgentBrokerService.() : Search for machine CITRIX-AVSBR01$, start time is 11.04.2024 9:56:17 9:56:17 Event -> AgentBrokerService.() : Search for machine CITRIX-AVSBR01$, finish time is 11.04.2024 9:56:17 9:56:17 Exception -> AgentBrokerService.() : Error happened while retrieving site id. Exception: System.ArgumentNullException: Value cannot be null. Parameter name: Failed to find computer in domain, fullname is AST\CITRIX-AVSBR01$, domain sid is S-1-5-21-1657612985-771126180-1233803906 at Norskale.Broker.Agent.AgentBrokerService.() I suppose that something might be wrong with my root domain rppl.local or with communication between child and root domain controllers or probably ifra server and root domain/forest. Why my forest is added to the black list and marked as dead? Does anyone aware of the algorithm for that decision? Thank you in advance for any related information. WEM 2311 on Windows 2019, DCs are 2022 (AD level is 2016).