This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jonas_O
Explorer
‎2025-01-10 06:08 AM

Harmony Endpoint on-prem and strong authentication with computers not joined to a domain?

Hi,

we are deploying Harmony on-prem in an environment with mostly windows servers and clients joined to a windows AD-domain. We have enabled Strong Authentication as recommended and it works fine. 

But we also have some windows and linux servers not joined to the domain that we want to protect. Is this supported somehow? 

On a linux server in the cpla.log I get following error:

libsba - ERROR - [cpda] realm is empty

libsba - ERROR - [cpda] Failed to get auth header. GetAuthheader error

 

On a windows server in the cpda.log I get:

[error] Kerberos authentication failed - Unknown error. [CclientAuth::getAuthHeader]

[error] Failed to get auth header. GetAuthheader error: 70001 [CHTTPCall_curl::sendReq_internal]

 

Endpoint Management: R81.20

Windows Endpoint version: E88.32

Linux Endpoint version: 1.20.7

 

Best Regards // Jonas

 

0 Kudos
2 Replies
CheckMatesAI
Bot
‎2025-01-10 09:15 AM

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

Deploying Harmony Endpoint with Strong Authentication for servers not joined to a domain is not supported. Strong Authentication relies on Active Directory and Kerberos, which require the machines to be part of the domain.

For your non-domain Windows and Linux servers, you will need to disable Strong Authentication. Here are the steps you can take:

  1. Disable Strong Authentication:

    • In the Web Console or SmartEndpoint, clear the "work in authenticated mode" checkbox for the non-domain machines.

  2. Review Logs:

    • For Linux, ensure the keytab file is correctly set up in /var/lib/checkpoint/cpmgmt/auth.keytab.
    • For Windows, verify the service name and ensure there are no typing errors in the Check Point Endpoint Security Management Server.

If you need further assistance, consider reaching out to Check Point Support.

0 Kudos
Chillyjim
Participant
‎2025-01-10 10:16 AM

Are you trying to auth by machine or user? Local admin or infinity portal?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events