Hi everyone,
Regarding the current CVE, I wanted to change the LDAP password that is used by the gateway (LDAP account unit).
For this we use one domain user; this user is used in the LDAP account unit, but also on our 2 IDC machines.
We changed the password in AD and we can use the new password to log in with RDP. We also changed it in SmartConsole and we are able to browse the AD in SmartConsole after the policy push.
After that I wanted to update the password on the Collector, first on one server. After the password change it gave an error that the password was incorrect and the status changed from green to red for all configured domain servers. Strangely, the other collector that had not been touched kept working despite the password having been changed in AD. It should not be able to work with the old password still in its config.
On the problematic IDC system I did a reboot, but I also cleared all configuration in the application, so I made new filters, domains etc.
It gets stuck here: https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Topics/Identity-...
Under section: Add Domain Controllers manually one at a time
If you press test, it gives the incorrect password error. I was thinking maybe the patch (the CVE patch) had an effect on it, so I removed the patch, made the gateway active and tested again, but sadly it did not help (I saw in tcpdump that if I press test, the IDC also connects to the IA gateway).
Luckily for me we had the old password in the vault and used that again. After putting back the old password the IDC system started to work again. Second, what I noticed is that if I press test too often, the user gets locked in AD. We also tried to make a new user, but that did not help either. Why is the IDC not using the new password even after a reboot and clearing all configuration related to AD?
-------
If you like this post please give a thumbs up (kudo)! 🙂