Data Loss Prevention


Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

  • 1.  Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 29 days ago
    Edited by andrew yap 28 days ago
    Hi All,

    We encountered a validation check error when creating a user after enabling AD authentication. Existing users have no issue logging into the Enforce console via AD authentication. It is just that creating a new user for AD authentication is hitting a validation check error. We have verified all values are provided correctly. In order to get around this, we have to disable AD authentication, add the user and then enable it back. Has anyone encountered the same issue before? Any hints will be greatly appreciated.


  • 2.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 28 days ago
    Symantec authentication is case sensitive, AD is not, so check your names. Review your Manager logs:

    c:\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\logs\debug\SymantecDLPManager.log (Windows) or
    /var/log/Symantec/DataLossPrevention/EnforceServer/15.7/debug/SymantecDLPManager.log (Linux).

    And you can use the kinit command to test user validity:

    kinit username

    If using secure LDAP communications, don't forget to import the LDAP server certificate into the Enforce server Java truststore. If you need further troubleshooting assistance, I suggest uploading a Wireshark trace from when you are attempting to communicate with AD.

    Good luck,
    A.C




  • 3.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Broadcom Employee
    Posted 27 days ago
    You might also look at https://knowledge.broadcom.com/external/article?articleId=174793 which suggests time mismatch between AD and Enforce can affect new user logins.

    ------------------------------
    Global Support Lead, DLP
    Broadcom, Symantec Enterprise Division
    ------------------------------



  • 4.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 27 days ago
    Very good point Stephen, I have seen that happening in the past; mismatch time was more than five minutes.
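
The clock-skew check discussed in replies 3 and 4, as an added example that is not part of the original thread or of any Symantec/Broadcom tooling: it measures the Enforce server's clock offset against a domain controller over SNTP and compares it with the five-minute tolerance mentioned above (also the Kerberos default). The function names and the constructed sample reply are assumptions made for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300       # five minutes, the figure mentioned in the thread


def _to_unix(seconds, fraction):
    """Convert a 64-bit NTP timestamp (two 32-bit words) to Unix seconds."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32


def parse_offset(reply, t1, t4):
    """Return the local clock offset in seconds from a 48-byte SNTP reply.

    t1 is the local send time and t4 the local receive time (Unix seconds).
    A positive result means the server clock is ahead of the local clock.
    """
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:
        raise ValueError("not a usable server reply (unsynchronised or wrong mode)")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = _to_unix(rx_s, rx_f), _to_unix(tx_s, tx_f)
    return ((t2 - t1) + (t3 - t4)) / 2


def within_kerberos_skew(offset, limit=KERBEROS_MAX_SKEW):
    """True if the measured offset is inside the Kerberos tolerance."""
    return abs(offset) <= limit


def query_offset(server, timeout=3.0):
    """Query an NTP server (for example a domain controller) on UDP/123."""
    request = b"\x23" + 47 * b"\0"  # LI=0, VN=4, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_offset(reply, t1, t4)


def build_reply(server_time):
    """Constructed sample reply (VN=4, mode=4, stratum 2) for offline runs."""
    sec = int(server_time) + NTP_EPOCH_DELTA
    return b"\x24\x02" + 30 * b"\0" + struct.pack("!4I", sec, 0, sec, 0)
```

On the Enforce server, `within_kerberos_skew(query_offset("<your-domain-controller>"))` returning `False` points to the time mismatch described in the linked article.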


  • 5.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 26 days ago
    Edited by andrew yap 23 days ago
    Hi All,

    Thanks all for the suggestions, but there is no issue with existing users doing AD authentication to log in to the Enforce DLP. It is just that we are unable to create new users after we enabled AD authentication in Enforce. Getting validation errors. We have verified all fields are populated correctly.

    thanks,
    Andrew




  • 6.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 26 days ago
    I misunderstood you, sorry about that. If you are using the default Administrator account (DLP maintenance account) to log into the Enforce Console, and having that issue, then there might be a bug. Collect logs and open a case for Broadcom and make sure to give them all the environmental conditions under which it can be reproduced. I have never seen this behavior and I have been installing a few DLP 15.7 MP1 ones with AD authentication this year.

    Good luck,
    A.C


  • 7.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 23 days ago
    Edited by andrew yap 23 days ago
    Thanks A.C. We already got a case with Broadcom Support two months ago, provided all sorts of logs and escalated to the internal team and the Management. So far, they are still clueless.




  • 8.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 23 days ago
    Most of these GUI errors are related to DB issues. Make sure DB health is good, and enable JDBC logging to capture the query in failure. Follow this document: https://knowledge.broadcom.com/external/article/159781/enable-sql-query-jdbc-logging-in-dlp.html

    Good luck,
    A.C.


  • 9.  RE: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication

    Posted 22 days ago
    Hi A.C,

    Thanks for the suggestion. We will try it out.

    thanks,
    Andrew