Active Directory login is unavailable after upgrading the DLP Enforce server


Article ID: 170735


Products

Data Loss Prevention Enforce

Issue/Introduction

  • Logging in with Active Directory credentials is not available after upgrading Symantec Data Loss Prevention (DLP).
  • The built-in Administrator account can be used.

Cause

The upgrade of your Enforce server may have removed the springSecurityContext.xml file required to enable Active Directory authentication. If the springSecurityContext.xml file is present, check its contents around lines 95-102 and see whether the following bean is missing:

<!-- Set krbConfLocation in System properties -->
<bean class="org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig">
    <!-- krb5 configuration file location.
         For example
         C:\SymantecDLP\Protect\config\krb5.ini on Windows or /opt/Vontu/Protect/config/krb5.conf on Linux
    -->
    <property name="krbConfLocation" value="C:\SymantecDLP\Protect\config\krb5.ini" />
</bean>

Environment

  • DLP 15.0 MP1
  • DLP 15.5 MP1

Resolution

To restore functionality:

On your Enforce server, the backup file is located at: "\SymantecDLP\Protect\updates\SymantecDLPEnforceBackup\SymantecDLPEnforceBackup_15.0.0.45028\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml"

If springSecurityContext.xml needs to be replaced, rename the current version of the file, then copy the good backup .xml file here: \SymantecDLP\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml

With the backup in place, restart the VontuManager service. Active Directory functionality will be restored.
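
The check and restore described above can be scripted. This is an added example, not vendor code: it assumes the install root is C:\SymantecDLP (as in the bean's sample value) and takes the backup folder name and the VontuManager service name from this article; the parameter names, the function name and the .bak naming are hypothetical.

```powershell
# Added example. Run elevated on the Enforce server; without -Restore it only reports.
param(
    [string]$InstallRoot = 'C:\SymantecDLP',                          # assumed drive/root
    [string]$BackupBuild = 'SymantecDLPEnforceBackup_15.0.0.45028',   # folder name from the article
    [switch]$Restore
)

$relative  = 'Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml'
$current   = Join-Path $InstallRoot $relative
$backup    = Join-Path $InstallRoot "Protect\updates\SymantecDLPEnforceBackup\$BackupBuild\$relative"
$beanClass = 'org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig'

function Get-KrbConfLocation([string]$Path) {
    # Returns the krbConfLocation value, or $null if the file or the bean is missing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $xml = New-Object System.Xml.XmlDocument
    $xml.XmlResolver = $null          # do not fetch external DTDs or entities
    $xml.Load($Path)
    # local-name() matches the elements without registering the Spring beans namespace.
    $xpath = "//*[local-name()='bean' and @class='$beanClass']" +
             "/*[local-name()='property' and @name='krbConfLocation']"
    $node = $xml.SelectSingleNode($xpath)
    if ($node) { $node.GetAttribute('value') } else { $null }
}

$loc = Get-KrbConfLocation $current
if ($loc) {
    Write-Output "Kerberos bean present; krbConfLocation = $loc"
    if (-not (Test-Path -LiteralPath $loc)) { Write-Warning "krb5 file not found at $loc" }
    return
}

Write-Warning "Kerberos bean missing from $current (or the file is absent)."
if (-not $Restore) { Write-Output 'Re-run with -Restore to copy the backup.'; return }

# Refuse to copy a backup that has the same defect.
if (-not (Get-KrbConfLocation $backup)) { throw "Backup $backup lacks the bean; not copying." }

# Rename the current file rather than deleting it, then put the backup in place.
if (Test-Path -LiteralPath $current) {
    $stamp = Get-Date -Format 'yyyyMMddHHmmss'
    Rename-Item -LiteralPath $current -NewName "springSecurityContext.xml.$stamp.bak"
}
Copy-Item -LiteralPath $backup -Destination $current
Restart-Service -Name 'VontuManager'   # service name as given in the article
```

Because the backup predates the upgrade, compare it with the renamed .bak file after the restore to confirm that no other post-upgrade settings were lost.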