We are using Zscaler in our organization. Within the last few months we started seeing the error "You cannot control your own screen" when screen sharing or using ARD. We discovered this.
OS - 10.14.6 AND 10.15.4
In terminal:
host 'computername' =
computername has address 10.3.10.23
computername has address 100.64.0.1
The issue is that our DNS is registering the 100.64.0.1 tunneling address to multiple computers. This second DNS is registered with Windows domain and appears on PC computers as well when resolving the hostname of the Mac computer(s)
ifconfig
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 100.64.0.1 --> 100.64.0.1 netmask 0xffff0000
If Zscaler is off, 100.64.0.1 IP goes away.
Zscaler says talk to Apple. Zscaler's response:
"Just before nsupdate there is some activity from opendirectoryd, which is responsible for working with Active Directory. Probably nsupdate was called from it as part of standard flow.
Zapp doesn't call nsupdate ever, so please check this problem on Active Directory side or contact Apple support for clarification."
Apple support says it's the third party app since it is only exhibited when Zscaler is on.
I've found a similar post here:
https://knowledge.broadcom.com/external/article/187967/zscaler-vpn-connections-report-regular-i.html
And this talks about "Back to my Mac" which has been deprecated.
https://community.spiceworks.com/topic/2163518-invalid-ips-showing-up-in-windows-2012-r2-dns
Any help would be appreciated.
