
I'm working on a custom AD RMS solution that allows opening of protected documents in Microsoft Office apps on macOS and iOS devices. It's based on Microsoft Mobile Device Extension and a custom authorization server built with Owin and Katana.

The DNS SRV record was originally set to a development server. Now that the application is working fine, we've changed the DNS SRV to a production server (several weeks ago already).

The problem is that our devices on servicediscovery calls are still reaching out to the old development server.

I've flushed their DNS cache, reset the app data, reinstalled the apps - nothing seems to be working, the Office apps always call the old server.

The new DNS SRV record should be already replicated across DNS servers.

I'm completely stuck at the moment and I cannot put it into production as the production server never gets "discovered" and called. Did anybody have a similar issue or some deeper understanding of how the Microsoft ADAL service discovery works on mobile devices to provide me a hint of a solution?

  • Would you tell us the SRV record's hostname and the dev and production servers so we can check all? – Lanexbg Jun 08 '18 at 12:19
  • I have to get the authorization to put the client's server names in public, and I see I just can't send you a private message here. Anyway, your kind suggestion made me realize I haven't run any DNS diagnostic tools on the servers. As the DNS service is run by an external company, we've been assured that DNS SRV is changed. I've run some online tests and the DNS SRV record for the server cannot be found. The tests indicate as well some NS issues: Not all nameservers respond with the same SOA serial number. – DanielMarcin Jun 08 '18 at 20:35
  • 2. The active nameservers do not match your NS records. Please correct the NS records. 3. Other service: DNS record is failing. We have to contact our provider to fix those issues. I will report here. By the way: could you recommend a diagnostic tool to detect this kind of DNS problems? I'd really appreciate it. – DanielMarcin Jun 08 '18 at 20:48
  • Unfortunately I cannot recommend any tool. I've used many and they have confusing warnings and errors. Perhaps if you run a couple of them you can understand what they are trying to say. However, here are some that I would use just to back up my findings or to see if I missed something: `intodns.com`; `dnscheck.pingdom.com`; `mxtoolbox.com` Tip: when you are checking for a particular record you need to specify its exact hostname, not to write the root domain and to select SRV and expect it to find the record for `_sip._tcp.domain.com` – Lanexbg Jun 09 '18 at 15:34
  • Your tip about looking for the exact hostname was really helpful. I was able to check the records with the nslookup tool: `nslookup -type=SRV _rmsdisco._http._tcp.your_adrms_domain.com` – DanielMarcin Oct 12 '18 at 08:06
  • I tested against a couple of our DNS servers, after checking their IPs with some of the online tools, and then configuring network properties to point to a given DNS server before each nslookup test. I've found that there was a different SRV record on each DNS server, so I contacted the provider and the wrong record was fixed. Thank you for your help. – DanielMarcin Oct 12 '18 at 08:19
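
The per-nameserver comparison described in the comments above, as an added example that is not part of the original thread: it asks each nameserver directly for the SRV record and the zone's SOA, then reports servers that disagree. It assumes `dig` is installed for the live check; the function names are hypothetical and the `example.com` hosts and serials are constructed sample data.

```python
import subprocess
from collections import defaultdict

def dig_short(server, name, rtype):
    """Query one nameserver directly with dig; return its +short answer lines."""
    res = subprocess.run(["dig", "+short", f"@{server}", name, rtype],
                         capture_output=True, text=True, timeout=15)
    return [ln.strip() for ln in res.stdout.splitlines() if ln.strip()]

def parse_srv(lines):
    """+short SRV lines look like '0 100 443 host.example.com.'"""
    recs = set()
    for ln in lines:
        parts = ln.split()
        if len(parts) == 4:  # ignore anything that is not an SRV answer (e.g. a CNAME line)
            prio, weight, port, target = parts
            recs.add((int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return frozenset(recs)

def soa_serial(lines):
    """+short SOA is 'mname rname serial refresh retry expire minimum'."""
    return int(lines[0].split()[2]) if lines else None

def compare(answers):
    """answers: {server: (srv_lines, soa_lines)} -> sorted findings, empty if consistent."""
    by_srv, by_serial, findings = defaultdict(list), defaultdict(list), []
    for server, (srv, soa) in answers.items():
        by_srv[parse_srv(srv)].append(server)
        by_serial[soa_serial(soa)].append(server)
    if len(by_srv) > 1:  # servers hand out different SRV answers
        for recs, servers in by_srv.items():
            targets = sorted(f"{t}:{p}" for _, _, p, t in recs) or ["<no SRV record>"]
            findings.append(f"SRV {', '.join(targets)} served by {', '.join(sorted(servers))}")
    if len(by_serial) > 1:  # zone copies are out of sync
        for serial, servers in by_serial.items():
            findings.append(f"SOA serial {serial} on {', '.join(sorted(servers))}")
    return sorted(findings)

def check(name, zone, servers):
    """Live check: ask every listed nameserver for the SRV record and the zone SOA."""
    return compare({s: (dig_short(s, name, "SRV"), dig_short(s, zone, "SOA")) for s in servers})

# Constructed sample answers: one stale server and one missing the record.
SOA = "ns1.example.com. hostmaster.example.com. {} 7200 3600 1209600 3600"
SAMPLE = {
    "ns1.example.com": (["0 100 443 rms.example.com."], [SOA.format(2018100901)]),
    "ns2.example.com": (["0 100 443 rms-dev.example.com."], [SOA.format(2018060401)]),
    "ns3.example.com": ([], [SOA.format(2018100901)]),
}
```

For a live run, call `check()` with the exact SRV hostname (the `_rmsdisco._http._tcp.` name from the comment above), the zone name, and the IP of every nameserver listed for the zone; `compare(SAMPLE)` shows the output shape offline.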

0 Answers