KeonNg
Participant

CP Identity Awareness with IDC Users Failed Login Error FW Not Able to Detect Certain Users

Hi Guys,

 

Currently we are facing an issue where we keep seeing user failed login log error messages with "An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity. Please refer to the troubleshooting guide for more help". Whenever we see this error message, the CP FW cannot detect the users, which leads to drops because we configured a user-based policy, but on the users' PCs they can log in and log out with no issue. Then, after a while, after trying to log in again and restarting a few times, it suddenly recovers and CP can detect the users. But some users take longer to recover.

 

This issue happens to random users, mostly only in the morning when the users enter the office. From the debug we can only see the error message "pdp::UserPasswordAuthenticator::DoneFetchAsync: called. err_code: 1, err_msg: LDAP Lookup Failed" when it tries to query the user's identity. Please find the logs in the attachment below.

 

FW details:

Running VSLS, R81.10 JHF 139

2 IDCs, each with 4 AD servers. SSL is not configured in the LDAP Account Unit.

 

Identity Awareness 

0 Kudos
1 Reply
PhoneBoy
Admin

Identity Collector only collects the usernames.
The gateway does an LDAP Query against Active Directory to get the user groups to associate the users to Access Roles.
This process appears to be randomly failing.

I suspect a TAC case will be necessary to help gather the necessary debugging to resolve the issue.
You may want to start by confirming connectivity between the relevant gateways and the configured LDAP Account Units.

0 Kudos
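One way to carry out the connectivity check suggested in the reply above, as an added example that is not part of the original thread and is not Check Point tooling. It assumes plain LDAP on TCP 389 (the post says SSL is not configured on the Account Unit), and the `ad1`..`ad4.example.internal` names are placeholders for the servers defined there. Because the failure is intermittent, it probes each server repeatedly and reports which ones ever refused, timed out or answered slowly.

```python
import socket
import time
from collections import defaultdict

LDAP_PORT = 389  # assumption: plain LDAP, because no SSL is configured on the Account Unit


def probe(host, port=LDAP_PORT, timeout=3.0):
    """Make one TCP connect attempt. Returns (ok, seconds, error_text)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, time.monotonic() - start, ""
    except OSError as exc:  # refused, timed out, unreachable, DNS failure
        return False, time.monotonic() - start, f"{type(exc).__name__}: {exc}"


def survey(targets, rounds=5, interval=1.0, slow=1.0, timeout=3.0):
    """Probe every (host, port) target `rounds` times and summarise per target."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0, "slow": 0, "worst": 0.0, "errors": []})
    for n in range(rounds):
        for host, port in targets:
            ok, secs, err = probe(host, port, timeout)
            s = stats[(host, port)]
            s["ok" if ok else "failed"] += 1
            s["slow"] += int(ok and secs >= slow)  # connected, but slower than `slow` seconds
            s["worst"] = max(s["worst"], secs)
            if err and err not in s["errors"]:
                s["errors"].append(err)
        if n < rounds - 1:
            time.sleep(interval)
    return dict(stats)


def suspects(stats):
    """Targets with at least one failed or slow connect, most failures first."""
    bad = [(t, s) for t, s in stats.items() if s["failed"] or s["slow"]]
    return [t for t, _ in sorted(bad, key=lambda x: (-x[1]["failed"], -x[1]["slow"]))]


if __name__ == "__main__":
    # Placeholder names: replace with the servers defined in the LDAP Account Unit.
    targets = [(f"ad{i}.example.internal", LDAP_PORT) for i in range(1, 5)]
    result = survey(targets, rounds=3)
    for (host, port), s in result.items():
        print(f"{host}:{port} ok={s['ok']} failed={s['failed']} slow={s['slow']} "
              f"worst={s['worst']:.3f}s {s['errors']}")
    print("suspects:", suspects(result))
```

A successful TCP connect only rules out basic reachability problems; it does not show that the LDAP query itself succeeds, so run it across the morning login window and compare the timestamps of any failures with the "LDAP Lookup Failed" entries in the debug.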
