Data Loss Prevention

 View Only
  • 1.  11.5 Endpoint Agent User AD Group Resolution Failed

    Posted Apr 04, 2012 06:17 AM

    Hi, 

    Has the issue with the AD Group Resolution Failure been addressed at all ?

     

    If the client PC is started off-network, then endpoing agent starts but of course is unable to resolve AD information.

    When the client PC is then connected to the network, the agent establishes communication with the endforce server.

    However, the "AD user group resolution failed" error does not resolve itself.  (We expected that the agent would re-try this after it connects to the server.)

     

    we have more that 1000 agents and its pretty normaly for a user to login in his/hers computer without constant access to the AD servers. is there another workaroung other than restarting the agent? 

    can this warning message be filtered? 

    it's kind of frustrating because this does not corrupt the agents monitoring, and the incidents from such user/computer are generated corretly. what is the reason for this to appear as a warning at all ? 

    thanks ! 



  • 2.  RE: 11.5 Endpoint Agent User AD Group Resolution Failed

    Posted Apr 05, 2012 07:55 AM

    Hi

    The work around what I could think of is either schedule an automatic restart of the services after login or create a batch file to restart the agent srevices that could trigger after every successfull authentication with AD.
     



  • 3.  RE: 11.5 Endpoint Agent User AD Group Resolution Failed

    Posted Apr 06, 2012 02:35 AM

    as far as I know, in order to create a schedule restart of the agent I would need to have Symantec Management Console deployed, which is we don't have .... :)

    we are using only the enforce server and Microsoft SCCM to distrubute the agents. 

     

    I will try to thing of a batch file configuration, but i'm surprised that Symantec didn't think of a more simple solution. Especcially when a restart of multiple agents via the Enforce Platform is such pain (max 10 at a time) ...

     

    Thanks for the answer. I will get back if i think of a solution. 



  • 4.  RE: 11.5 Endpoint Agent User AD Group Resolution Failed

    Posted Jun 19, 2012 01:02 PM

    Well there is way to “temporary” increase the number of agents that can be restarted via the console in  the  Manager.properties file (\Vontu\Protect\config\Manager.properties):

    You can  increase the number of agent tasks following the steps below:

    #com.vontu.manager.troubleshootingTask.maxTasks.RESTART=10

    this setting is commented out. To make active changes, uncomment the line (remove the "#" at the beginning) and set the value accordingly.

    Note that if you wish to set any tasks to a number above 100, you would also need to change a second setting in the above list:
    #com.vontu.manager.troubleshootingTask.maxTotalActiveTasks=100


    Please keep in mind the following changes can result in overloading Enforce server with Agent tasks, so It is not recommended to leave these settings adjusted upwards, but only for the duration of the task as required.