Symantec authentication is case sensitive, AD is not; check your names. Review your Manager logs: c:\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\logs\debug\SymantecDLPManager.log (Windows) or /var/log/Symantec/DataLossPrevention/EnforceServer/15.7/debug/SymantecDLPManager.log (Linux). And you can use the kinit command to test user validity:
kinit username
If using secure LDAP communications, don't forget to import the LDAP server certificate into the Enforce server Java Truststore. If you need further troubleshooting assistance, I suggest uploading a Wireshark trace taken when you are attempting to communicate with AD.
Good luck,
A.C
Original Message:
Sent: 09-21-2020 09:58 PM
From: andrew yap
Subject: Symantec DLP 15.5MP2: Validation check error when creating user after enabling AD authentication
Hi All,
We encountered a validation check error when creating a user after enabling AD authentication. Existing users have no issue logging into the Enforce console via AD authentication. It is just that creating a new user for AD authentication is hitting a validation check error. We have verified all values are provided correctly. In order to get around this, we have to disable AD authentication, add the user and then enable it back. Has anyone encountered the same issue before? Any hints will be greatly appreciated.