No user or LDAP information is shown in reports when using DCinterface.

Article:TECH163115  |  Created: 2011-06-23  |  Updated: 2012-08-31  |  Article URL http://www.symantec.com/docs/TECH163115
Article Type
Technical Solution

Product(s)

Issue



User logon information is not being passed to the Symantec Web Gateway, so policies that are applied based on a user's logon information do not work.


Environment



Windows 2008 R2 DC server


Cause



On Windows 2008, DCinterface treats Event ID 4768 (A Kerberos authentication ticket (TGT) was requested) as a logon event. It then uses the associated Event ID 4624 (An account was successfully logged on) to obtain additional information, such as the IP address of the user's computer.


Solution



Ensure that "Audit Account logon events" is enabled in Domain Security Policy > Security Settings > Local Policies > Audit Policy.

In addition, if Kerberos Authentication logging is disabled, DCInterface is unable to identify logon events. The following Advanced Security Auditing options must be set to "Enabled" or "Not Configured" for DCInterface to work:

Domain Security Policy > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Logon:

Audit Kerberos Authentication Service
Audit Kerberos Service Ticketing Operations
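
To confirm on the domain controller that these settings are effective and that both event IDs are reaching the Security log, a check along the following lines can be used. This is an added example, not part of the original article or of DCInterface; it assumes an elevated PowerShell session, an English-language OS (auditpol output is localized), and a one-hour look-back window chosen for illustration.

```powershell
# Added example: verify the audit settings DCInterface depends on.
# Run elevated on the domain controller. Assumes English auditpol output.
$subcategories = 'Kerberos Authentication Service',
                 'Kerberos Service Ticket Operations'

# 1. Effective audit policy for the Account Logon category.
$policy = auditpol /get /category:"Account Logon" /r |
    Where-Object { $_ } | ConvertFrom-Csv

foreach ($row in $policy | Where-Object { $subcategories -contains $_.Subcategory }) {
    $setting = $row.'Inclusion Setting'
    # "No Auditing" means the subcategory is disabled and no events are written.
    $state = if ($setting -eq 'No Auditing') { 'DISABLED' } else { 'ok' }
    '{0,-38} {1,-20} {2}' -f $row.Subcategory, $setting, $state
}

# 2. Are Event ID 4768 and 4624 actually being logged?
$since  = (Get-Date).AddHours(-1)   # illustrative window, adjust as needed
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4768, 4624; StartTime = $since
} -ErrorAction SilentlyContinue

foreach ($id in 4768, 4624) {
    $count = @($events | Where-Object { $_.Id -eq $id }).Count
    'Event ID {0}: {1} event(s) since {2}' -f $id, $count, $since
}

# 3. Show the user name and source IP carried by the most recent events,
#    the two fields needed to map a user to a workstation.
function Get-EventField($Record, $Field) {
    $data = ([xml]$Record.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq $Field }).'#text'
}

$events | Select-Object -First 10 | ForEach-Object {
    New-Object PSObject -Property @{
        Time = $_.TimeCreated
        Id   = $_.Id
        User = Get-EventField $_ 'TargetUserName'
        IP   = Get-EventField $_ 'IpAddress'
    }
} | Format-Table Time, Id, User, IP -AutoSize
```

A count of zero for Event ID 4768 while 4624 events are present indicates that Kerberos authentication auditing is not taking effect on that domain controller.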