Protection Engine console fails to add server with LDAP error


Article ID: 272394


Updated On:

Products

Protection Engine for Cloud Services
Protection Engine for NAS

Issue/Introduction

An attempt to add a Symantec Protection Engine (SPE) device to management fails with the error:

"Failed to add following server(s): ########   Reason: Authentication failed either due to invalid credentials or the user is not part of the LDAP group."

Environment

Windows Server 2012, 2016, 2019 and 2022

Cause

One possible cause is missing LDAP data in the C:\Program Files\Symantec\Scan Engine\RestAPI\application.properties file.

The value on this line of the application.properties file is missing or incorrect:
sperestapi.ldap.basedn=


Verbose logging from the console add attempt shows the missing LDAP data (the search base is empty):
INFO  springframework.ldap.core.LdapTemplate:1448 - No results found for search, base: ''; filter: '(&(distinguishedName=CN=FAKEUSER,OU=Users,OU=Corporate,OU=Client,DC=ad1,DC=prod)(memberOf:1.2.840.113556.1.4.1941:=CN=FAKE-App-222-Prod-Windows-Admin-RG,OU=FAKE.GROUP,OU=Admins,DC=FAKEADSERVER,DC=prod)(objectClass=user))'.

 

Resolution

If the application.properties file was not populated with the correct REST API baseDN data, you can enter it manually, either by copying the entry from another working SPE device or by re-entering the data.

If it still fails to validate the username and password, the AD/LDAP server may not have up-to-date replicated AD data for groups. You will need to contact your organization's AD group to validate the LDAP baseDN path and to confirm whether the user is properly permissioned.
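
The check described under Cause and Resolution can be scripted against a copy of application.properties and the verbose log. This is an added example, not Broadcom's code: the function names and result labels are hypothetical, the sample inputs are constructed from the values shown above, and the properties parsing is simplified to key=value lines.

```python
import re

KEY = "sperestapi.ldap.basedn"  # property named in the article

# Constructed samples modelled on the article's property line and log entry.
SAMPLE_PROPS = "# constructed sample\nsperestapi.ldap.basedn=\n"
SAMPLE_USER = "CN=FAKEUSER,OU=Users,OU=Corporate,OU=Client,DC=ad1,DC=prod"
SAMPLE_LOG = ("INFO  springframework.ldap.core.LdapTemplate:1448 - No results found for "
              "search, base: ''; filter: '(&(distinguishedName=" + SAMPLE_USER +
              ")(objectClass=user))'.\n")

def read_basedn(props_text):
    """Return the configured base DN: None if the key is absent, '' if it is blank."""
    value = None
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        key, sep, val = line.partition("=")      # split on the first '=' only
        if sep and key.strip() == KEY:
            value = val.strip()                  # last occurrence wins
    return value

def normalize_dn(dn):
    """Lower-case a DN and drop optional spaces (escaped commas are not handled)."""
    return ",".join(re.sub(r"\s*=\s*", "=", rdn.strip()) for rdn in dn.lower().split(","))

def empty_base_searches(log_text):
    """Return the user DN of every LdapTemplate search logged with an empty base."""
    pat = re.compile(r"No results found for search, base: ''; filter: '"
                     r".*?\(distinguishedName=([^)]*)\)")
    return pat.findall(log_text)

def diagnose(props_text, user_dn):
    """Classify the base DN setting for one user DN (labels are this example's own)."""
    base = read_basedn(props_text)
    if base is None:
        return "missing-key"
    if base == "":
        return "empty-basedn"
    nb, nu = normalize_dn(base), normalize_dn(user_dn)
    # A subtree search only returns entries at or below the base DN.
    return "ok" if nu == nb or nu.endswith("," + nb) else "user-outside-basedn"

if __name__ == "__main__":
    for dn in empty_base_searches(SAMPLE_LOG):
        print("empty search base for", dn)
    print(diagnose(SAMPLE_PROPS, SAMPLE_USER))
```

A result of "user-outside-basedn" means the base DN is set but the user's entry does not sit beneath it, which is the path to confirm with the AD group.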