This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
orion_son30
Collaborator
Friday

Active Directory Cannot fetch groups Locally Managed Gateway

Hi,

I'm running 82.00 in a Quantum Spark 2560 and I'm not being able to fetch the Groups of the Active Directory Auth Server. 

I already confirmed that the user credentials are correct, since it's the same user that is configured on the Identity Collector. 

The error is pretty generic if I don't specify the Branch. It just says "An error occurred while reading groups from Active Directory". I've already followed some SK, but I was not able to solve the issue. 

Any recommendation on this?

Kind regards

0 Kudos
17 Replies
orion_son30
Collaborator
Friday

 

Sem título.png

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
In response to orion_son30

Any other relevant logs/errors or thats the only one?

Best,
Andy
0 Kudos
orion_son30
Collaborator
Friday
In response to the_rock

No. Just this. 

0 Kudos
Vincent_Bacher
Advisor
Advisor
Friday

Is it about creating a LDAP account unit and section "object management"?
I always add a branch. Not sure what the issue is.
Would be good for the mates to have mor details.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
orion_son30
Collaborator
Friday
In response to Vincent_Bacher

Hi,

This is a locally managed Firewall.

I would like to have more details, but the error is just this one. 

Kind Regards. 

0 Kudos
Vincent_Bacher
Advisor
Advisor
Friday
In response to orion_son30

Please specify exactly what you configured and where. The more details, the better. Screenshots always help as well. The information you shared is far too limited to assist.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
orion_son30
Collaborator
yesterday
In response to Vincent_Bacher

I understand your point. I would like to give you a lot of detail, but I've literally just configured the Active Directory and then when I do the OK, the error appears. I'm sharing the screenshot of the config. 

Sem título.png

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to orion_son30

If you do basic tests/capture from the fw, do you see communication to the AD? Can it ping back and forth? Do port 389,445 and 53 show open?

Best,
Andy
0 Kudos
orion_son30
Collaborator
yesterday
In response to the_rock

Hi, 

Yes. I can ping the server from the Firewall and I can telnet ports 389,445 and 53. 

Kind regards.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to orion_son30

Just an idea...maybe try turn windows fw off?

Best,
Andy
0 Kudos
orion_son30
Collaborator
yesterday
In response to the_rock

😁

Yes, I've checked and it's disabled. 

Thanks.

the_rock
MVP Platinum
MVP Platinum
yesterday
In response to orion_son30

If so, I suggest TAC case.

Best,
Andy
0 Kudos
Dafna
Employee
Employee
yesterday

Hi,

What is the version of the AD server?

0 Kudos
orion_son30
Collaborator
yesterday
In response to Dafna

Hi,

It's a Win Server2012.

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to orion_son30

Do you have any newer version you can test? ie windows server 2019, 2022 or 2025?

Best,
Andy
0 Kudos
orion_son30
Collaborator
yesterday
In response to the_rock

Nops. 

This is an environment from an end customer, so it's pretty old and out of my control. Right now, after removing the old Sophos and put in place the new Check Point 2560, I'm just trying to help the customer to authenticate Remote Access VPN Users with the AD server. 

Thanks. 

0 Kudos
Dafna
Employee
Employee
yesterday
In response to orion_son30

Please open a task and attach:

cpinfo after you replicates the issue + tcpdump

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events