Symantec DLP - EndPoint Incidents Active Directory Attributes Lookup Problem

If you are using Symantec DLP v10.0 and if you have problem about getting Active Directory attributes from endpoint incidents try the steps below;

• Verify Active Directory Connection by using method that described in Symantec Data Loss Prevention Administration Guide.


• Check the log. You will have a log like that below;

if you have Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no s upport for encryption type line

Possible solution is the check "USe DES Encryption types for this account" from user properties in the releated user.

and the AD attiributes will come in the next endpoint incidents.

AD Connection Test

C:\Vontu\jre\bin>kinit
Password for dlpx@xxxx.LOCAL:
Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no s upport for encryption type
KrbException: KDC has no support for encryption type (14)
at sun.security.krb5.KrbAsRep.(Unknown Source)
at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.sendASRequest(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.main(Unknown Source) Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.(Unknown Source)
... 6 more


Read more...

These settings are not available in preference mode

If you get this warning on Windows Server 2008 , while changing internet explorer Group Policy settings try the step below;

Click Reset Browser Setting in Group Policy, Under User Configuration

Read more...