No user or LDAP information is being shown in reports, when using DCinterface.
|Article:TECH163115|||||Created: 2011-06-23|||||Updated: 2012-08-31|||||Article URL http://www.symantec.com/docs/TECH163115|
User logon information is not getting passed over to the Symantec Web Gateway therefore policies do not work when using users logon information to apply the policy.
Windows 2008 R2 DC server
On Windows 2008, DCinterface notes Event ID 4768 (A Kerberos authentication ticket (TGT) was requested) as a logon event. It then uses the associated Event ID 4624 (An account was successfully logged on) to obtain additional information such as the IP address of the users computer.
Ensure that "Audit Account logon events" is enabled in Domain Security Policy > Security Settings > Local Policies > Audit Policy.
In addition, if Kerberos Authentication logging is disabled, DCInterface is unable to identify logon events.The following Advanced Security Auditing options need to be set to "Enabled" or "Not Configured" for DCInterface to be able to work:
Domain Security Policy > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Logon:
Audit Kerberos Authentication Service
Audit Kerberos Service Ticketing Operations
Article URL http://www.symantec.com/docs/TECH163115