Add the parameter "-Dquest.glue.enable.rdns=true" to baseline.jvmargs.config file to allow reverse DNS lookup. By default this parameter is set to false.
This option will force the FglAM to do a reverse DNS lookup for the given host names before establishing the WinRM connection. Even though the host name configured in the agent properties is a DNS alias, as long as this alias can be resolved to the correct host name via revers DNS lookup, FglAM can still do the Kerberos authentication with the correct host name.
The option is false by default and affect all WinRM connection established from that FglAM. To apply the setting for all FglAMs, you can set the "Enable DNS Reverse Lookup" FglAM adapter properties.
Troubleshooting steps:
To test the reverse DNS lookup run the command:
nslookup
If it returns the alias instead of the correct host name, WinRM connections will fail and you would need to consider either monitoring with the correct host name in agent properties instead of the alias or adding an Server Principle Name (SPN) for the alias.
To check the SPN setup run:
setspn -l
To set the SPN you can use the command: setspn -s
Please discuss the SPN settings and the full "setspn -s" command with your Active Directory administrators.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center