Hi All,
One of our customers is using the Terminal Server agent for Citrix and is seeing the following alerts in the logging (and mail).
HeaderDateHour: 22Jun2019 5:32:13; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 32; Action: ctl; Origin: XXXXXXX_XXXXXXX; IfDir: >; InterfaceName: N/A;
Alert: mail; OriginSicName: CN=XXXXXXX_XXXXXXX,O=XXXXXXXX.fake.domain.grq7vi; OriginSicName: CN=XXXXXXX_XXXXXXX,O=XXXXXXX.fake.domain.grq7vi; HighLevelLogKey: 18446744073709551615;
status: Bad configuration; ctrl_category: Configuration Status; description: Failed to get users groups for the domain.(+)Verify that this domain name is configured in your LDAP Account Unit.(+)Domain: nt service;
severity: Critical; ProductName: Identity Awareness; ProductFamily: Network;
Identity Awareness is configured as described in the admin guide and seems to be working. But where is this alert coming from, and why is Check Point seeing the 'nt service' domain? This is not configured in the Check Point configuration.
Regards,
Martijn