SungHoon_Kim

PAM unable to connect to target devices when a network BOND is used and one of the DNS servers is down

Blog Post created by SungHoon_Kim Employee on Jun 1, 2018

This post demonstrates a use case where PAM fails to connect to any target device when one of the DNS servers goes down.

 

The following environment is set up for demonstration purposes.

 

172.17.8.1 WIN-01 AD/DNS
172.17.8.2 WIN-02 AD-Readonly/DNS
172.17.8.3 WIN-03 AD-Readonly/DNS
172.17.8.4 WIN-04 AD-Readonly/DNS
--------------------------
172.17.9.1 WIN-05 PAM Client
172.17.9.2 WIN-06 Target Device
--------------------------
172.17.10.1 RHEL65a NFS/NTP
172.17.10.2 RHEL65b Target Device
--------------------------
172.17.11.1 PAM-01 PAM Cluster primary node 
172.17.11.2 PAM-01 PAM Cluster primary node
172.17.11.3 PAM-02 PAM Cluster secondary node
172.17.11.4 PAM-02 PAM Cluster secondary node 
172.17.11.100 VIP

172.17.11.201 PAM-01 BOND1 IP

172.17.11.202 PAM-02 BOND1 IP

 

GB1: 172.17.11.1 (IP would disappear once you select "BOND1" from "Teaming")

GB2: 172.17.11.2 (IP would disappear once you select "BOND1" from "Teaming")

 

The same is configured on PAM-02 (172.17.11.3 and 172.17.11.4).

 

The cluster is set up with the BOND IP addresses.

 

The following target devices are set up: one using FQHN and one using IP.

 

Session Recording is enabled for RDP.

 

A policy is set up to allow "user1" to access both machines. Session Recording is enabled.

 

At the moment, all 4 DNS servers are up and running.

When user1 clicks on the win-06.test.lab RDP Access Method, it connects and displays the login prompt.

 

But once one of the DNS servers becomes unreachable (in my case I unplugged the cable), PAM fails to connect to the target device. I disconnected the network cable from WIN-02.

 

 

 

It reports there is a problem with session recording.

NFS for session recording still shows as mounted and available.

 

 

When clicking on "WIN-03.test.lab", where the target device uses an IP for its address, the "Remote Desktop" screen runs forever and does not connect.
