Active Directory user group exclusion failing in Policy

Article ID: 170685

Products

Data Loss Prevention Enforce

Issue/Introduction

Policies that have Active Directory (AD) user groups added as exclusions are still creating incidents; the exclusion is not taking effect. The Enforce UI Overview shows no errors.

Localhost log shows the following errors:
02 Dec 2017 00:00:01,738- Thread: 78 WARNING [com.vontu.profiles.manager.directoryconnection.LdapIndexSearchObject] Received null objectClasses
02 Dec 2017 00:00:01,769- Thread: 78 SEVERE [com.vontu.profiles.manager.directoryconnection.UserGroupEntryReaderCreator] Unable to retrieve the following directory group entry: ou=IT Infrastructure,ou=Information Technology,ou=***_Users,dc=***,dc=***,dc=gov
Cause:
org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: simple bind failed: Domain.***.***.gov:636; nested exception is javax.naming.CommunicationException: simple bind failed: domain.***.***.gov:636 [Root exception is java.net.SocketException: Connection reset]
org.springframework.ldap.CommunicationException: simple bind failed: Domain.***.***.gov:636; nested exception is javax.naming.CommunicationException: simple bind failed: Domain.***.***.gov:636 [Root exception is java.net.SocketException: Connection reset]
javax.naming.CommunicationException: simple bind failed: Domain.***.***.gov:636
java.net.SocketException: Connection reset
org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: simple bind failed: Domain.***.***.gov:636; nested exception is javax.naming.CommunicationException: simple bind failed: Domain.***.***.gov:636 [Root exception is java.net.SocketException: Connection reset]
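As an added example (not part of this article and not product code), the following Python script triages an Enforce localhost log for this symptom: it parses entries in the line format shown above, picks out the SEVERE UserGroupEntryReaderCreator entries, and extracts the group DN, the LDAPS bind target and the root exception from the cause text that follows each entry. That separates a directory-connection failure (bind to port 636 reset or timed out) from a genuine policy problem before you re-create the group. The sample log lines are constructed: hostnames and OUs are placeholders modelled on the excerpt above, and the second group's timeout entry is invented to show a differing root cause.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample lines modelled on the article's localhost log excerpt.
# Hostnames, OUs and the second (timeout) entry are placeholders, not real data.
SAMPLE_LOG = """\
02 Dec 2017 00:00:01,738- Thread: 78 WARNING [com.vontu.profiles.manager.directoryconnection.LdapIndexSearchObject] Received null objectClasses
02 Dec 2017 00:00:01,769- Thread: 78 SEVERE [com.vontu.profiles.manager.directoryconnection.UserGroupEntryReaderCreator] Unable to retrieve the following directory group entry: ou=IT Infrastructure,ou=Information Technology,ou=Example_Users,dc=example,dc=gov
Cause:
org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: simple bind failed: dc01.example.gov:636; nested exception is javax.naming.CommunicationException: simple bind failed: dc01.example.gov:636 [Root exception is java.net.SocketException: Connection reset]
java.net.SocketException: Connection reset
02 Dec 2017 00:00:02,104- Thread: 78 SEVERE [com.vontu.profiles.manager.directoryconnection.UserGroupEntryReaderCreator] Unable to retrieve the following directory group entry: cn=Finance Staff,ou=Example_Users,dc=example,dc=gov
Cause:
org.springframework.ldap.CommunicationException: simple bind failed: dc02.example.gov:636; nested exception is javax.naming.CommunicationException: simple bind failed: dc02.example.gov:636 [Root exception is java.net.SocketTimeoutException: Read timed out]
"""

# One Enforce log entry starts with a timestamp, thread id, level and logger name;
# the lines that follow (cause chain, stack text) belong to the preceding entry.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2},\d{3})- "
    r"Thread: (?P<thread>\d+) (?P<level>[A-Z]+) \[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
GROUP_PREFIX = "Unable to retrieve the following directory group entry: "
ROOT_RE = re.compile(r"\[Root exception is (?P<root>[^\]]+)\]")
BIND_RE = re.compile(r"simple bind failed: (?P<target>[^;\s\[]+)")


@dataclass
class LogEntry:
    ts: str
    thread: str
    level: str
    logger: str
    msg: str
    detail: list = field(default_factory=list)  # continuation lines after the header


@dataclass
class GroupFailure:
    ts: str
    group_dn: str
    bind_target: Optional[str]   # host:port the LDAP bind was attempted against
    root_cause: Optional[str]    # innermost Java exception, if the log carried one


def parse_entries(text: str) -> list:
    """Split raw log text into entries, attaching non-header lines to the last entry."""
    entries = []
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            entries.append(LogEntry(**m.groupdict()))
        elif entries and raw.strip():
            entries[-1].detail.append(raw)
    return entries


def find_group_failures(text: str) -> list:
    """Return one GroupFailure per directory group the indexer could not retrieve."""
    failures = []
    for e in parse_entries(text):
        if e.level != "SEVERE" or not e.logger.endswith("UserGroupEntryReaderCreator"):
            continue
        if not e.msg.startswith(GROUP_PREFIX):
            continue
        detail = "\n".join(e.detail)
        root = ROOT_RE.search(detail)
        bind = BIND_RE.search(detail)
        failures.append(GroupFailure(
            ts=e.ts,
            group_dn=e.msg[len(GROUP_PREFIX):].strip(),
            bind_target=bind.group("target") if bind else None,
            root_cause=root.group("root") if root else None,
        ))
    return failures


def summarize(failures: list) -> dict:
    """Count failures per root cause so a directory outage stands out from a one-off."""
    counts = {}
    for f in failures:
        key = f.root_cause or "unknown"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_group_failures(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts}  group={f.group_dn}  bind={f.bind_target}  cause={f.root_cause}")
    print(summarize(found))
```

Point the script at the real localhost log (read the file and pass its contents to find_group_failures) and look at the summary: a cluster of SEVERE entries sharing the same bind target and a connection-level root cause points at the LDAPS connection to the directory server rather than at the policy, which is the situation this article describes.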

Cause

The policies were downloaded and accepted by the DLP servers, but the AD user group added as an exclusion could not be indexed correctly: as the log shows, the LDAPS bind to the directory server on port 636 failed with a connection reset, so the group entry could not be retrieved.

Environment

DLP 14.6 MP1
W2K12 R2 server
Win 7/10 mix users

Resolution

Remove the AD user group from the policy exclusion. Then re-create the directory server group and add it to the policy exclusion.