Disconnected from Active Directory (AD). /opt/quest/bin/vastool status reports: WARNING: 231 QAS daemon is operating in a disconnected state. (104839)

Disconnected from Active Directory (AD).  

Authentication Services enters into disconnected mode.

Running /opt/quest/bin/vastool status command reports  WARNING: 231 QAS daemon is operating in a disconnected state.

CAUSE 1: Product Defect 319479 in QAS 4.1.0.20185

CAUSE 2: QAS cannot reach a domain controller due to an environmental issue such as network issue, dns server down, domain controller went down.   

CAUSE 3:  In 4.0.3.x versions,the check_network_state.sh script only checks for connectivity on one DC and if it doesn't get a response in 10 seconds, it returns a failure which causes the error messages.   Please note 4.1 does not have this issue.

CAUSE 4: If the file /var/opt/quest/vas/vasd/.force_disconnected_mode exists on your system then it will cause vasd to go into disconnected mode

RESOLUTION 1:

On QAS 4.1.0.20185 version only, upgrade to the Authentication Services Maintenace release.  

Please see the following article for details and a link to the package:

Knowledge Article 116643

RESOLUTION 2:

1 - Check to ensure the domain controllers are reachable.

a) /opt/quest/bin/vastool info cldap  yourdomain.com

b)This command will check for a SRV record for your domain.

 #nslookup
> set type=srv
> _ldap._tcp.dc._msdcs.yourdomain.com

For example:  > _ldap._tcp.dc._msdcs.LG.TS.HAL.CA.QSFT

Server:         10.4.64.23
Address:        10.4.64.23#53

Non-authoritative answer:
_ldap._tcp.dc._msdcs.LG.TS.HAL.CA.QSFT  service = 0 100 389 dc-plg2.lg.ts.hal.ca.qsft.

Authoritative answers can be found from:
dc-plg2.lg.ts.hal.ca.qsft       internet address = 10.5.84.114

2 - If domain controller are available, try restarting vasd to see if another server is picked up. Then re-run the vastool status command to check if it  reports healthy.

3 -   Note the information reported by this command : /opt/quest/bin/vastool info servers   Rejoin the server to AD :  /opt/quest/bin/vastool -u ADUSER  join -f  YOURDOMAIN.com 

Do the vastool status and vastool  info servers commands again and compare output.  Sometimes there is a problem with what AD site the clients are contacting.

RESOLUTION 3:

We recommend upgrading to 4.1 Maintenance Release which does not have this issue however if you need to remain on the 4.0.3.x version, revert back to previous method of checking connections to DC's which was more reliable. ** a sign that this script is the cause of the disconnected state is that the system will "flip flop" quickly between connected and disconnected

For more information about this please read Knowledge Article 106820

RESOLUTION 4:

Remove the /var/opt/quest/vas/vasd/.force_disconnected_mode file and restart the vasd process