Setting Up LAN Cache on a Domain Controller

Question

Can I set up my Domain Controller as a LAN Cache

 

Answer

It is not recommended to utilize a Domain Controller when setting up a LAN Cache as a domain controller uses many resources and connections that may conflict with the LAN Cache process.

Warning: LAN Cache utilizes local administrator accounts to assign machines and create/manage shares. Since not all VSA installations are domain joined, this design utilizes pass thru authentication which is a form of password reuse. If LAN Cache is installed on a Domain Controller, the local administrator becomes a domain administrator. Installing any software onto a Domain Controller violates Microsoft best practices and introduces security risks to your environment. Kaseya recommends carefully considering your use case(s) before accepting the risk associated with creating additional domain administrator accounts. 

1. You cannot assign a Lan Cache to itself. When assigning the lan cache to the server, you may get the following error:

LAN Cache functionality test results: Fail:Could not connect to LAN share folder. Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

This is due to the Windows Server Environment being unable to connect to a share with the same username. As such, Domain Controllers cannot be assigned a Lan Cache that resides on itself.

2. Some Agents fail the Lan Cache Test with the following error:

LAN Cache functionality test results: Fail:Failed to create LAN share folder. No such file or directory.

This is likely due to a permissions issue. LAN Cache creates a default User along the lines of "FSAdmin-#######", and due to the lan cache machine being a domain controller, may cause other machines to be unable to connect to the Lan Share. To circumvent this, please navigate to System> Server Management > Default Settings and select LAN Cache - Use auto-generated administrator credentials. Then click the Edit Icon and uncheck the check box in the window that pops up. Once that is done, save the settings and return to Agent > Configure Agents > LAN Cache page.

On the LAN Cache page, select the domain controller and click on the "Add LAN Cache" button. You should not have additional options when setting up the LAN Cache. It is important that you Use the Computer IP Adresss as the UNC server name resolution and use an existing domain administrator's credentials when setting it up.

add-lan-cache.PNG

Once that is done, all agents should successfully test onto the domain controller.

Was this article helpful?
3 out of 3 found this helpful
Have more questions? Contact us