Introduction
This document describes how to troubleshoot the error "DN not found!" in the Umbrella Connector log.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on Umbrella DNS.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Problem
You notice this log entry present in the OpenDNSClientAudit.log:
7/10/2023 3:01:36 PM: DN not found! for IP: X.X.X.X, User: POD1234$
Solution
These entries are normal and in no way indicative of a problem with your AD Connector.
This behavior is intentional and not indicative of an issue or error, although it is still recorded in the Umbrella logs.
When the Connector server reads event logs on all registered DCs, Umbrella looks for logon events from actual users. Logons from machine names are disregarded as they are not valid users. For accuracy, when Umbrella reads a new logon event before creating a user to IP mapping, it goes back to AD and validates that the user exists. In the case of a machine name logon the DN is not a user DN, but it can be a machine name DN.
Similar to the example log entry from earlier, all machine name logons can have a trailing "$" at the end of the name. The User: POD1234$ is not a valid username, so Umbrella does not create a user to IP mapping for that user. The log entry indicates that no valid user DN was found, so rather than generating a new user-to-IP mapping, the system is disregarding the log entry.
Feedback