This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Polina_1
Contributor
‎2024-08-08 01:17 AM

AD Query does not work with the new domain controller.

Hello

We are using the Security Gateways on version R77.30 and the Management Server on version R81.20.
We used to have Identity Awareness (AD query) configured. Everything worked fine.
But the domain controller was moved to a different hypervisor. I mean we installed new Windows Server 2016, configured old ip address and old domain name on it.
Now the gateway can not connect to the domain controller.
# adlog a dc
bad credentials or firewall blocks DCOM traffic

In the LDAP Account Unit settings we have entered a new Administrator password. But it didn't work.

Can you please tell me what can be done in this case?
It seems logical to me to delete the LDAP Account Unit and create a new one. But I'm not sure about that, because the ip address and domain name are still the same. Do I need to change anything in the settings on CheckPoint in this case?

 

0 Kudos
3 Replies
Lesley
Mentor Mentor
Mentor
‎2024-08-08 01:23 AM

Upgrade firewall to supported version. This version is ancient.

Check also this:

https://support.checkpoint.com/results/sk/sk176148

I assume new DC also got software update or something like that.

Also would recommend moving away from ADquery and use IDC collector (explained in above sk).

Final tip make sure Windows firewall is not blocking the traffic on DC. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
Polina_1
Contributor
‎2024-08-08 01:35 AM
In response to Lesley

We checked the traffic on the gateway, no blocks were found. Yes, the new domain controller has the CVE-2021-26414 vulnerability patch installed. We can't update the gateways.

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2024-08-08 01:48 AM
In response to Polina_1

Then you are stuck, no firewall update means no patch available. For r77.30 there is no patch.

So you have 2 options move to IDC or upgrade firewall and patch it. 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top