Security Manager in a DNS only environment (NETIQKB27925)

  • 7727925
  • 02-Feb-2007
  • 04-Apr-2012


Security Manager 3.X

Security Manager 4.X

Security Manager 5.X

Security Manager 6.X


Can Security Manager resolve computer names in a DNS-only environment?


Yes. As long as all central computers and agents are in the same domain, name resolution will work just fine.

If the agent is not in a domain and you cannot edit a hosts file or configure another means of name resolution, the agent must be configured as unmanaged.

Agents only know about the central computers by their NetBIOS names, so if the agents are not in the same domain as the central computers, other means of name resolution must be configured.

DNS suffixes on the agent machines or hosts file entries would resolve the NetBIOS names.

The agent machines know about the central computers because, during agent installation and every time the agent fails over to a different central computer, an additional NetBIOS entry for that central computer is added to the registry:

HKLM\software\NetIQ\Security Manager\configurations\configuration_group_name\operations\agent\consolidators

  Consolidator 1 host   Central_computer 1
  Consolidator 2 host   Central_computer 2
  etc.

If this entry is hacked/changed to an FQDN or IP address, it will revert back to the NetBIOS name as soon as the agent contacts the central computer.
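
To check on an agent machine whether the stored central computer names actually resolve, the following PowerShell script can be used. It is an added example, not NetIQ code. It assumes the key path and the "Consolidator N host" value names shown above; configuration_group_name is a placeholder for your own configuration group name.

```powershell
# Added example: verify that each central computer name stored for this agent resolves.
# $ConfigGroup is a placeholder; pass your own configuration group name.
param(
    [string]$ConfigGroup = 'configuration_group_name'
)

# Key path as given in the article, with the configuration group substituted.
$key = "HKLM:\software\NetIQ\Security Manager\configurations\$ConfigGroup\operations\agent\consolidators"

if (-not (Test-Path -LiteralPath $key)) {
    Write-Warning "Registry key not found: $key"
    return
}

# Keep only values named like "Consolidator 1 host" (value names as listed in the article).
$entries = (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
    Where-Object { $_.Name -match '^Consolidator \d+ host$' }

if (-not $entries) {
    Write-Warning "No 'Consolidator N host' values found under $key"
    return
}

foreach ($entry in $entries) {
    $name = [string]$entry.Value
    try {
        # Uses the Windows system resolver, so hosts file entries and
        # DNS suffixes configured on this machine are honoured.
        $addresses = [System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString }
        $status = 'Resolved'
    }
    catch {
        $addresses = @()
        $status = 'FAILED'
    }

    # One row per central computer entry.
    [pscustomobject]@{
        RegistryValue = $entry.Name
        StoredName    = $name
        Status        = $status
        Addresses     = $addresses -join ', '
    }
}
```

Any row with a FAILED status is a central computer the agent cannot reach by its stored name until a DNS suffix or hosts file entry is added.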

Formerly known as NETIQKB27925

NetIQ is currently reviewing whether Security Manager should allow FQDNs for computer names. Subscribe to the Qmmunity for product announcements and updates.