Inherited a PDQ Environment, Lots of Connection Errors


  • Colby Bouma

    If you click on the blue question mark next to each error, it should open a window that contains a link to a KB.

    Some of those errors are DNS related. Others look like permission issues.

    https://help.pdq.com/hc/en-us/articles/220533627-Windows-Firewall-Ports-and-Exceptions

    https://www.youtube.com/watch?v=pZwS5OkgXmI

  • Adam Haas

    Thank you Colby, I watched the video and learned a lot. I've enabled three settings that I did not have enabled:

    • DNS > DC01 > Advanced > "Enable automatic scavenging of stale records"
    • DHCP > IPv4 > DNS > "Always dynamically update DNS records"
      This was set to "Dynamically update DNS records only if requested by the DHCP clients"
    • DHCP > IPv4 > DNS > "Dynamically update DNS records for DHCP clients that do not request updates"

    Based on this, I may not see results for a week or two.

    I'm reading through the Firewall article you've posted as well.

     

  • Adam Haas

    I believe the Windows Firewall Ports and Exceptions document needs to be updated. It refers to the location of these settings as:

    "Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile"

    Though it appears to have changed to:

    "Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security"

    See:

    https://social.technet.microsoft.com/Forums/en-US/1ff751e0-4902-4414-895b-cd8255afa110/windows-defender-firewall-settings?forum=winserverGP

     

    Edit: The entire section under "Ports and Group Policy" is inapplicable with the changed location in GPO.

  • Adam Haas

    Is there an updated set of instructions given Microsoft's change to how firewall settings are applied via GPO?

  • Colby Bouma

    It looks like the old way should still work. I'll submit an internal ticket to get that KB updated.

  • Adam Haas

    I see now, it's not "Windows Firewall" anymore as indicated in the KB, it's "Windows Defender Firewall".

    It appears Microsoft added "Defender" to everything.


  • Adam Haas

    Sorry for the multiple posts.

    Now that I know where to find this, the KB says to enable "Allow inbound file and printer sharing exception". It references the "Allow unsolicited incoming messages from these addresses" field, but does not say what should go in there, only the format to enter it.

    What is this IP range supposed to represent? All devices I want accessible via PDQ?

    We have different subnets for each of our (MPLS connected) locations.

  • Colby Bouma

    These are settings for the target machines, so you should put in the IP address of the machine running PDQ.

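A read-only check for the scoping described in the reply above, as an added example that is not part of the thread or of PDQ's documentation: run on a target machine, it reports whether the "Allow inbound file and printer sharing exception" policy is applied, whether its address list covers the PDQ machine, and whether it is left open to any source (`*`). Assumptions: the registry key is where the legacy Domain Profile administrative template stores this setting, `10.0.0.10` is a constructed placeholder for the PDQ machine's address, the function names are hypothetical, and only IPv4 addresses and CIDR entries are evaluated.

```powershell
# Added example. Run on a target machine, not on the PDQ server.
# 10.0.0.10 is a constructed placeholder for the PDQ machine's IPv4 address.
param([string]$PdqServerIp = '10.0.0.10')

function ConvertTo-IPv4Number ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    # Doubles hold every 32-bit value exactly, so no bit operators are needed.
    ([double]$b[0] * 16777216) + ([double]$b[1] * 65536) + ([double]$b[2] * 256) + $b[3]
}

function Test-ScopeCoversIp ([string]$Scope, [string]$Ip) {
    $target = ConvertTo-IPv4Number $Ip
    foreach ($entry in ($Scope -split ',')) {
        $entry = $entry.Trim()
        if ($entry -eq '*') { return $true }                  # any source is allowed
        # "localsubnet", IPv6 and blank entries cannot be judged from one IPv4 address.
        if ($entry -notmatch '^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$') { continue }
        $addr, $prefix = $entry -split '/'
        if ($null -eq $prefix) { $prefix = 32 }               # bare IP means a single host
        if ([int]$prefix -gt 32) { continue }                 # not a valid IPv4 prefix
        $size = [math]::Pow(2, 32 - [int]$prefix)             # number of addresses in the block
        $net  = ConvertTo-IPv4Number $addr
        if ([math]::Floor($target / $size) -eq [math]::Floor($net / $size)) { return $true }
    }
    return $false
}

# Assumed location: values written by the legacy Domain Profile administrative template.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$scope  = if ($policy) { [string]$policy.RemoteAddresses } else { '' }

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    PolicyEnabled   = [bool]($policy -and $policy.Enabled -eq 1)
    RemoteAddresses = $scope
    CoversPdqServer = Test-ScopeCoversIp $scope $PdqServerIp
    AllowsAnySource = ($scope -split ',' | ForEach-Object { $_.Trim() }) -contains '*'
}
```

`PolicyEnabled` false means the GPO never reached the machine; `CoversPdqServer` true with `AllowsAnySource` false is the narrowly scoped result the reply describes.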
  • Adam Haas

    A lot of projects going on right now...

     

    I verified the IP for PDQ was in the "Allow inbound file and printer sharing exception". So it's gotta be something else.

  • Adam Haas

    At this stage, with so many computers reporting incorrectly or not reporting at all, should I remove all computers from PDQ inventory and then initiate sync?

