This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fafeka22
Participant
a week ago
Jump to solution

Problem with creating LDAP Account Unit

Hello everyone

I am having a problem with Check Point R81.20. I cannot create a new LDAP Account Unit or edit an existing one because I cannot get Branches.

I also tried to enter them manually, but when I try to add them, they simply do not appear in the field.

The current LDAP Account Unit was created automatically when I enabled and configured Identity Awareness.

Labels
Preview file
877 KB
0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Friday
Jump to solution

If the issue you're having matches sk184190 or similar please reach out to TAC for a new SmartConsole build.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Sunday
In response to fafeka22
Jump to solution

As per the SK referenced earlier TAC will provide a new build of Smartconsole with the fix, this build isn't yet available publicly.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
17 Replies
Vincent_Bacher
Leader Leader
Leader
Friday
Jump to solution

I have already created several au's and there have been cases where “Fetch branches” has not worked for various reasons. However, since you cannot enter a branch via “Add,” I would recommend creating an SR in UC at this point.

There is either something wrong with the SmartConsole, the API, or whatever.

The only thing I would do before the SR (if you haven't already) is install the latest R81.20 SmartConsole. If it's up to date, as I said —> SR

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Friday
Jump to solution

If the issue you're having matches sk184190 or similar please reach out to TAC for a new SmartConsole build.

CCSM R77/R80/ELITE
0 Kudos
fafeka22
Participant
Sunday
In response to Chris_Atkinson
Jump to solution

Yes its match the followed sk, but i already have the latest build of smart console installed, i will try to re-install SmartConsole and open ticket in TAC

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
Jump to solution

Just to confirm, is this S1C management? If so, its expected that it would not work. If its onprem mgmt, then I would verify basic connectivity and follow sk Chris referenced.

Best,
Andy
0 Kudos
Vincent_Bacher
Leader Leader
Leader
Friday
In response to the_rock
Jump to solution

Would manually entering a branch also not work with S1C management? I'm asking because I've never worked with it before. Apart from Harmony Endpoint Management.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
In response to Vincent_Bacher
Jump to solution

Yep, thats works 100%, just fetch does not.

Best,
Andy
0 Kudos
Lesley
MVP Gold
MVP Gold
Saturday
Jump to solution

Check for blocked ports from the system you run smart console on. Check for ldap or ldaps traffic. Firewall could block traffic or firewall on dc server itself. 

If 636 does not work, try 389 and other way around. 636 is recommended because of encryption. Try to fetch fingerprint then you know connections works. Consider to leave the fingerprint empty if you are done to avoid down time if certificates are automatically renewed on dc at a random moment. Also consider using identity collectors to avoid unnecessary load on the gateway 

-------
Please press "Accept as Solution" if my post solved it 🙂
the_rock
MVP Platinum
MVP Platinum
Saturday
In response to Lesley
Jump to solution

Sometimes, can happen port 636 does not work, definitely worth checking.

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Saturday
In response to the_rock
Jump to solution

Most likely it is this: sk184190: "Fetch branches" button does not show "Branches in use"

There is a fixed version of smartconsole available via TAC.

CCSM R77/R80/ELITE
0 Kudos
Vincent_Bacher
Leader Leader
Leader
Sunday
In response to the_rock
Jump to solution

All of this would explain why fetching does not work. However, it does not quite fit with the symptom that even manual entry does not work –  would expect an error message when there would be a connection attempt when entering the branch – which makes the whole thing somewhat mysterious to me.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
fafeka22
Participant
Sunday
In response to Vincent_Bacher
Jump to solution

I opened SR to TAC because re-install SmartConsole dont helm me, i also cant finf my problem in  list of all resolved issues on SmartConsole Download page https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20_SC/R81.20/R81.20-List-of-all-Resolved-Issues.h...

I think there is a problem in R81.20 release because on R82 it work fine

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Sunday
In response to fafeka22
Jump to solution

As per the SK referenced earlier TAC will provide a new build of Smartconsole with the fix, this build isn't yet available publicly.

CCSM R77/R80/ELITE
0 Kudos
fafeka22
Participant
Monday
In response to Chris_Atkinson
Jump to solution

Thank you, the TAC provided me SmartConsole Build and i installed it, everything work now. But why this build dont published and only provided via TAC?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Monday
In response to fafeka22
Jump to solution

Imagine it's simply a matter of timing and only temporary until the next planned release.

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Monday
In response to Chris_Atkinson
Jump to solution

Glad that worked!

Best,
Andy
fafeka22
Participant
Sunday
In response to Lesley
Jump to solution

The connectivity is ok because i checked it via ldapsearch from GW,SMS and SmartConsole, i also tried port 636 abd 389, the results same

0 Kudos
TJ_Aus
Collaborator
Monday
In response to fafeka22
Jump to solution

It was happening to us too last week, I raised a case and TAC gave us the files that Chris Atkinson is referring to above.
I uninstalled Smart Console and installed the new one provided and it all works now

sk184190 - "Fetch branches" button does not show "Branches in use"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events