This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lesley
Advisor
Advisor
3 weeks ago

Identity Collector - domain user password change

Hi everyone,

Regarding the current CVE I wanted to change the LDAP password that is used by the gateway. (LDAP account unit).

For this we use one domain user, this user is used in the LDAP account unit, but also on our 2 IDC machines.

We changed the password in AD and we can use the new password to login with RDP. Also we changed in Smart Console and we are able to browse the AD in Smart Console after policy push. 

After that I wanted to update the password on the Collector, first on one server. After password change it gave an error that the password was incorrect and status changed from green to red for all configured domain servers. Strangely the other collector that has not been touched kept working despite that the password was changed in AD. It should not be able to work with the old password still in config.

On the problematic IDC system I did a reboot, but also cleared all configuration in the application. So make new filter, domains etc. 

It get stuck here: https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Topics/Identity-...

Under section: Add Domain Controllers manually one at a time

If you press test, it gives the incorrect password error. Was thinking maybe the patch(cve patch) had an effect on it, so removed the patch make the gateway active and tested again, but sadly it did not help (I saw in tcptump if I press test the IDC connects also with IA gateway). 

Luck for me we had the old password in the vault and used that again. After putting back the old password the IDC system started to work again. Second what I noticed is that if I press test to much, the users get's locked in AD. We also tried to make a new user but did also not helped. Why is the IDC not using the new password even after reboot and clear of all configuration related to AD?

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
3 weeks ago

I assume failed login attempts would cause the account to get locked in AD per your GPO settings.
However, "old" credentials sounds like a caching issue somewhere on the AD side of things.
Have you opened a TAC case?

0 Kudos
Lesley
Advisor
Advisor
3 weeks ago
In response to PhoneBoy

No TAC case yet, was thinking maybe to create some debugs.

Cache issue on AD I am not sure more I think on collector. We attached around 5 AD servers in the IDC config and all gave the invalid password error. Testing the new password via RDP worked. Also we tried to create a new user, same issue. As final step we used a domain admin account also invalid password (this last one did not had a password change, so it would rule out that it could be caching on AD server). 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
In response to Lesley

Yeah, definitely sounds like some debugs are needed somewhere.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events