AD Login Datasource failure

Article ID: 239517

Products

Data Loss Prevention Core Package

Issue/Introduction

When attempting to import AD logins with the AD Logins Source option on the System -> Users -> Data Sources page in the Enforce Console, it fails and the following error can be seen in the Tomcat localhost logs:

com.vontu.enforce.domainlayer.datauser.source.UserSynchFailedException: AD default domain partition not found
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.initializeUserWalker(DirectoryGroupMemberRetriever.java:180)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(DirectoryGroupMemberRetriever.java:147)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(DirectoryGroupMemberRetriever.java:142)
 at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveFromAConnection(DirectoryGroupMemberRetriever.java:142)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveDirectoryGroupMembers(DirectoryGroupMemberRetriever.java:105)
 at com.vontu.enforce.domainlayer.adroles.RolesSyncingService.sync(RolesSyncingService.java:107)
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.lambda$performFullSync$0(DataUserSyncService.java:98)
 at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.performFullSync(DataUserSyncService.java:98)
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask.run(DataUserSyncTask.java:80)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)

Cause

The import code looks up the domain by its NetBIOS name, which is not present in the Global Catalog, so the import fails.

Environment

DLP Versions: 15.7 - 15.8

Resolution

Workaround: In the Enforce Console, change the Directory Connection port from the Active Directory Global Catalog port (3268) to the LDAP port: 389 for an unencrypted connection or 636 for a secure (LDAPS) connection.
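As an added illustration (not Symantec/Broadcom code), the following Python snippet scans Tomcat localhost log text for the failure shown above and checks a configured Directory Connection port against the workaround; the sample log lines are constructed, and port 3269 is assumed here to be the Global Catalog SSL port.

```python
import re
from dataclasses import dataclass

# Ports as named in the article: Global Catalog 3268 vs. LDAP 389 / LDAPS 636.
# 3269 (Global Catalog over SSL) is an assumption added here, not from the article.
GLOBAL_CATALOG_PORTS = {3268, 3269}
LDAP_PORT_PLAIN, LDAP_PORT_SECURE = 389, 636

# Exception text copied from the Tomcat localhost log excerpt in the article.
SYNC_FAILURE = re.compile(
    r"UserSynchFailedException: AD default domain partition not found"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    text: str


def find_sync_failures(log_text: str) -> list[Finding]:
    """Return every log line carrying the AD login import failure signature."""
    return [
        Finding(n, line.strip())
        for n, line in enumerate(log_text.splitlines(), start=1)
        if SYNC_FAILURE.search(line)
    ]


def recommend_port(configured_port: int, secure: bool) -> tuple[bool, int]:
    """Check a Directory Connection port against the workaround.

    Returns (needs_change, port_to_use). A Global Catalog port is flagged and
    mapped to 636 when the connection must stay encrypted, otherwise to 389.
    LDAP ports are returned unchanged.
    """
    if configured_port in GLOBAL_CATALOG_PORTS:
        return True, (LDAP_PORT_SECURE if secure else LDAP_PORT_PLAIN)
    return False, configured_port


# Constructed sample log: two noise lines around one failure line (article text).
SAMPLE_LOG = """\
INFO  DataUserSyncTask - starting full sync for data source 'AD Logins'
SEVERE DataUserSyncTask - com.vontu.enforce.domainlayer.datauser.source.UserSynchFailedException: AD default domain partition not found
INFO  DataUserSyncTask - sync finished with errors
"""

if __name__ == "__main__":
    for f in find_sync_failures(SAMPLE_LOG):
        print(f"line {f.line_no}: AD login import failed")
        changed, port = recommend_port(3268, secure=False)
        print(f"directory connection on 3268: change={changed}, use port {port}")
```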

Additional Information

https://docs.microsoft.com/en-us/windows/win32/adschema/a-netbiosname