Tuesday, June 29, 2010

Symantec DLP - EndPoint Incidents Active Directory Attributes Lookup Problem

If you are using Symantec DLP v10.0 and if you have problem about getting Active Directory attributes from endpoint incidents try the steps below;

  • Verify Active Directory Connection by using method that described in Symantec Data Loss Prevention Administration Guide.

  • Check the log. You will have a log like that below;


if you have Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no s upport for encryption type line



Possible solution is the check "USe DES Encryption types for this account" from user properties in the releated user.




and the AD attiributes will come in the next endpoint incidents.

AD Connection Test



C:\Vontu\jre\bin>kinit
Password for
dlpx@xxxx.LOCAL:
Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no s upport for encryption type
KrbException: KDC has no support for encryption type (14)
at sun.security.krb5.KrbAsRep.(Unknown Source)
at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.sendASRequest(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.(Unknown Source)
at sun.security.krb5.internal.tools.Kinit.main(Unknown Source) Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.(Unknown Source)
... 6 more

No comments:

Post a Comment

 
span.fullpost {display:inline;}