efa-project.org

Hello and thank you in advance for support me.

I have installed EFA virtual appliance on hyper-v, all work fine but I have a little issue.

https://drive.google.com/file/d/0B4f53 ... p=sharing

When I send to user "quarantine report", and he click to "view" hyperlink, this one doesn't work and broswer show this message :

"Could not reach the site
The DNS address of the efaserver.mydomain.local server could not be found.
DNS_PROBE_FINISHED_NXDOMAIN"



If I try to reach DNS or IP efa web page , I reach it without issue, obviously I have added "hostname" in my DNS manager.


-------
tracert

C:\Windows\System32>tracert efaserver.mydomain.local

Traccia instradamento verso efaserver.mydomain.local [192.168.10.31]
su un massimo di 30 punti di passaggio:

1 <1 ms <1 ms <1 ms 192.168.128.10
2 1 ms <1 ms <1 ms 192.168.10.31


------------------------------------
ping

C:\Windows\System32>ping efaserver.mydomain.local

Esecuzione di Ping efaserver.mydomain.local [192.168.10.31] con 32 byte di dati:
Risposta da 192.168.10.31: byte=32 durata<1ms TTL=63
Risposta da 192.168.10.31: byte=32 durata=1ms TTL=63
Risposta da 192.168.10.31: byte=32 durata<1ms TTL=63
Risposta da 192.168.10.31: byte=32 durata<1ms TTL=63

Statistiche Ping per 192.168.10.31:
Pacchetti: Trasmessi = 4, Ricevuti = 4,
Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 0ms, Massimo = 1ms, Medio = 0ms

---------------------------------------------------------------
lookup

C:\Windows\System32>nslookup efaserver.mydomain.local
Server: XXXXXXXX
Address: 192.168.10.22

Nome: efaserver.mydomain.local
Address: 192.168.10.31

-------------------------------


Have you any idea about how I can solve this issue?

What browser are you using?

Looks like Chrome error to me. The "NXDOMAIN" portion of the message = Non-exist domain.

At a guess the user clicking on the link is external to the organisation?

".local" domains aren't valid internet domains, they're internal domains used by Active Directory and the like. It'll only work if the user is connected to your office network. Similarly with 192.168.10.31, that's not a valid internet address and even if it did resolve, external devices wouldn't be able to communicate with it.

Anyway, confirm if my suspicions are correct and we can go from there. If they are internal then check the DNS settings on the client machine, it's probably not using 192.168.10.22.

Thank you jase72,
I just trying from internal network to internal network.
For now I donìt wont publish this URL on the web.

@shawniverson
thank you too
I have same error in chrome, IE and edge.

Check the DNS settings of the machine with the problem, and the machine without the problem.

Are they the same?

If they are the same, check the hosts file of the two machines. Did someone add entries to these files, or are the files basically the same?

thank you pdwalker.

All machines correctly ping that address but no one work when click on "view" and doesnt rache URL.
file host is clear, I am unique admin and users cant modified host file.

You're going to have to figure out why your DNS query is failing in the web browser (while oddly ping works). Not really an EFA issue as far as I can tell, this is host name resolution.

You've said ping to "efaserver.mydomain.local" works from all machines. Can you please confirm this?

Do you have multiple DNS servers set on the client machines?
Do your client machines have a mix of internal and external DNS servers? As tempting as this is for redundancy I'd recommend against it (i.e. don't have DNS1 of 192.168.10.22 and DNS2 of 8.8.8.8).
Are you using a proxy server?
Are the problematic machines multi-homed? e.g. wireless and wired connection.
What's the DNS suffix on the machines?
Are you trying http://efaserver.mydomain.local or just http://efaserver on the machines?
Are all machines on the same subnet?

Also, can you provide a full "ipconfig /all" from a good and bad machine?

Or someone might have a better idea than all my questions! (c;

You've said ping to "efaserver.mydomain.local" works from all machines. Can you please confirm this?

yes work from all machines

Do you have multiple DNS servers set on the client machines?

yes I have 2 domain for now, old one e new one, all will be migrate in new one soon, dns server one for each domain, workstations has both dns server configured.

Do your client machines have a mix of internal and external DNS servers? As tempting as this is for redundancy I'd recommend against it (i.e. don't have DNS1 of 192.168.10.22 and DNS2 of 8.8.8.8).

no just internal dns

Are you using a proxy server?

no

Are the problematic machines multi-homed? e.g. wireless and wired connection.

just wired

What's the DNS suffix on the machines?

dns suffix inherited from dc (new one)

Are you trying http://efaserver.mydomain.local or just http://efaserver on the machines?

yes and not, if I type https://efaserver/mailscanner/login.php?error=timeout work fine
http://efaserver doesnt work
http://efaserver.mydomain.local neither

Are all machines on the same subnet?

yes

Also, can you provide a full "ipconfig /all" from a good and bad machine?

I have just bad machine, mean no one reach efaserver URL when I click "view"

and here result of my ipconfig /all


Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : Nb-002
Suffisso DNS primario . . . . . . . . : newdomain.local
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No
Elenco di ricerca suffissi DNS. . . . : newdomain.local
olddomain.local

Scheda Ethernet Ethernet 2:

Suffisso DNS specifico per connessione: olddomain.local
Descrizione . . . . . . . . . . . . . : HP USB Giga Ethernet
Indirizzo fisico. . . . . . . . . . . : 00-1F-B5-28-CE-25
DHCP abilitato. . . . . . . . . . . . : S
Configurazione automatica abilitata : S
Indirizzo IPv6 locale rispetto al collegamento . : fe80::b06d:94ae:fa49:1e7a%20(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 192.168.128.89(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Lease ottenuto. . . . . . . . . . . . : venerd 1 settembre 2017 10:31:29
Scadenza lease . . . . . . . . . . . : venerd 1 settembre 2017 22:32:15
Gateway predefinito . . . . . . . . . : 192.168.128.10
Server DHCP . . . . . . . . . . . . . : 192.168.128.5
IAID DHCPv6 . . . . . . . . . . . : 570433461
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-21-1C-8D-B7-A0-8C-FD-26-AA-9D
Server DNS . . . . . . . . . . . . . : 192.168.10.22
192.168.128.5
NetBIOS su TCP/IP . . . . . . . . . . : Attivato


for sure it's a hostname resultion but I dont know, where is issue.
Thank you jase72

Thanks for all the info.

It's a bit odd that your machine's DNS search suffix is different to your ethernet's DNS suffix.

if I type https://efaserver/mailscanner/login.php?error=timeout work fine
http://efaserver doesnt work

That really doesn't make sense. They're both the same hostname.

What's the address you're using to manage EFA (https://efaserver?) and what's the address of "view" links you can't access?

Actually, it does.

His EFA installation is configured to run off of https rather than http, thus one works and the other fails.

If his computer has the dns search domain setup correctly, then https://efa/ and https://efa.example.local/ will both work.

However, I have had problems with different browsers and search domains, so I normally specify the full domain when using the url.

If he's getting an error other than NXDOMAIN it does, absolutely. Guess that needs clarification.