No user or LDAP information is shown in reports when using DCinterface.
Article: TECH163115 | Created: 2011-06-23 | Updated: 2012-08-31 | Article URL: http://www.symantec.com/docs/TECH163115
Problem
User logon information is not passed to the Symantec Web Gateway, so policies that are applied based on user logon information do not work.
Environment
Windows 2008 R2 DC server
Cause
On Windows 2008, DCinterface notes Event ID 4768 (A Kerberos authentication ticket (TGT) was requested) as a logon event. It then uses the associated Event ID 4624 (An account was successfully logged on) to obtain additional information such as the IP address of the user's computer.
Solution
Ensure that "Audit Account logon events" is enabled in Domain Security Policy > Security Settings > Local Policies > Audit Policy.
In addition, if Kerberos Authentication logging is disabled, DCInterface is unable to identify logon events. The following Advanced Security Auditing options must be set to "Enabled" or "Not Configured" for DCInterface to work:
Domain Security Policy > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Logon:
Audit Kerberos Authentication Service
Audit Kerberos Service Ticketing Operations
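
The settings above can be verified on the domain controller with the following script, which is an added example and not part of the original article. It reads the effective audit setting for both subcategories with auditpol and then checks that Event IDs 4768 and 4624 are arriving in the Security log. Assumptions: an elevated PowerShell session, an English-language OS (auditpol names and values are localized), and a one-hour look-back window chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Assumes an English-language OS; auditpol subcategory names and settings are localized.

# auditpol names for the two Account Logon subcategories listed above
$subcategories = 'Kerberos Authentication Service',
                 'Kerberos Service Ticket Operations'

foreach ($name in $subcategories) {
    # /r emits CSV; drop blank lines before parsing
    $row = auditpol /get /subcategory:"$name" /r |
           Where-Object { $_.Trim() } | ConvertFrom-Csv
    $setting = $row.'Inclusion Setting'
    # Effective values: 'No Auditing', 'Success', 'Failure', 'Success and Failure'
    if ($setting -like '*Success*') { $state = 'OK' } else { $state = 'CHECK POLICY' }
    "{0,-40} {1,-22} {2}" -f $name, $setting, $state
}

# Confirm both event IDs from the Cause section are reaching the Security log
$since = (Get-Date).AddHours(-1)   # look-back window chosen for this example
foreach ($id in 4768, 4624) {
    $events = @(Get-WinEvent -FilterHashtable @{
                    LogName = 'Security'; Id = $id; StartTime = $since
                } -MaxEvents 5 -ErrorAction SilentlyContinue)
    if ($events.Count -gt 0) {
        "Event {0}: latest at {1}" -f $id, $events[0].TimeCreated
    } else {
        "Event {0}: none in the last hour" -f $id
    }
}
```

auditpol reports the effective setting, so a subcategory left at "Not Configured" in Group Policy still shows the value that is actually applied on the server.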