This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SWBW_Florian
Contributor
a month ago

Identity Awareness "domain name not configured" -> nt-autoritÄt

Hi there,

we receive several warnings a week regarding the identity awareness blade on our Checkpoint NGFW.

Were using the identity collector so identity awareness is active and working very fine so far. Those warnings are more "cosmetic" than a real problem.

Its about the windows system domain "nt-autoritÄt" (in englisch nt-authority)

Its not configured because its system internal. 

The warning looks like this:

 

  • Failed to get users groups for the domain.
    Verify that this domain name is configured in your LDAP Account Unit.
    Domain: nt-autoritÄt
  • Source: ServerIP Adress
    Action: Failed Login
    Blade: I A
    Session ID: XXXX
    Authentication Method: Machine Identity Propagation

Is there any way to "hide" those warnings? or just to "fakeconfigure" this? Actually each Windows Server Domain should have these "issues". how to get rid of it?

We are using 2 nodes in the cluster. i noticed that those warnings only are thrown out through node2

Thanks in Advance

 

Florian

regards
0 Kudos
6 Replies
G_W_Albrecht
Legend
Legend
a month ago

Is it impossible to delete the domain from Collector or from the Query Pool ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
SWBW_Florian
Contributor
a month ago
In response to G_W_Albrecht

i cant find any way to do this. can you point me there?

At least for the query Pool: There is only our active domain configured. nothing else.

regards
0 Kudos
SWBW_Florian
Contributor
a month ago
In response to G_W_Albrecht

i found and configured a "filter" at the identity collectors. i chosed "domain", "exclude" and pasted nt-autoritÄt in there

maybe thats it? I will observe this

regards
0 Kudos
G_W_Albrecht
Legend
Legend
a month ago
In response to SWBW_Florian

That should work. I did not mention the filters...

CCSE CCTE CCSM SMB Specialist
0 Kudos
SWBW_Florian
Contributor
a month ago
In response to G_W_Albrecht

it doesnt. i still have errors since i activated that filter

 

 

regards
Preview file
29 KB
0 Kudos
G_W_Albrecht
Legend
Legend
a month ago
In response to SWBW_Florian

Sorry, i can see nothing relevant in the screenshot - better contact CP TAC !

 

CCSE CCTE CCSM SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events