Support Center > Search Results > SecureKnowledge Details
Security Management and Security Gateway are both sending RPC(TCP/135) traffic to all Domain Controllers Technical Level
Symptoms
  • RPC(TCP/135) traffic from Security Management server and Security Gateway is sent to all Domain Controllers and can be seen using traffic captures.
Cause

Identity Logging is enabled on the Security Management and Identity Awareness is enabled on the Security Gateway.

The Security Management server also tries to fetch User Events from DCs over RPC protocol because Identity Logging is enabled and in order to have the relevant events on the Security Management, a WMI query is sent to the DC from the Security Management as well. 


Solution
Note: To view this solution you need to Sign In .