Overview
There are two ways you can use the Active Directory (AD) in Trellix ePO - SaaS:
- Pull in the structure of the AD from the customer's domain, including the Organizational Units and Computers contained in that structure
- Use AD user data for applying user-based policy assignment, and user data with Organizational Units, Security Groups, and Users
ADC:
This component is deployed from Trellix ePO - SaaS. It connects to the customer's AD and uploads the user and system data to sync with ePO.
ADC-supported operating system:
- Server operating system: Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
- Client operating system: Windows 8.1 and Windows 10
How to deploy the ADC to the end node:
- Log on to Trellix ePO - SaaS.
- Open the product deployment page under the software category.
- Scroll down to the bottom and click Advanced Product Deployment.
- Click New deployment option and name the task.
- In the left pane, from the software tab, click the drop-down and select the ADC package.
- Select the system to deploy this package and schedule the client task to get the ADC to deploy on the end node.
NOTE: Once the product is deployed and reports to Trellix ePO - SaaS, you see that the system is installed with ADC and an ADC System tag is applied automatically.
How to register the AD with Trellix ePO - SaaS:
- Log on to Trellix ePO - SaaS.
- Under the configuration page, click Directory Service.
- Type Domain Name.
- Select the system to deploy the ADC.
- Type the AD credentials and perform the Test Connection.
- Save the changes.
NOTE: If the system is installed with ADC, the Connectors category page displays the status as installed. We can select another system from this page to deploy ADC to the end node. It's recommended to have a maximum of two systems. These systems must have Trellix Agent and the Data Exchange Layer Client installed and must report to Trellix ePO - SaaS.
Active Directory Connector Service:
Background details:
- Service Name: McAfee Active Directory Connector Service
- Process name: ad_connector.exe
- Process path: C:\program files\mcafee\ad_connector\ad_connector.exe
- Log name: adc.log
- Log path: C:\ProgramData\McAfee\AD_Connector\logs\adc.log
To enable debug logging in the ADC:
- Log on to Trellix ePO - SaaS.
- Click Policy Catalog and select ADC.
- Select the policy and click Edit.
- In the left pane, from the Detailed logging tab, click Enable.
- Set the log file size and the number of log files.
NOTE: Apply this policy to the system after installing ADC, and send a wake-up call to update the policy.
Source URLs for ADC
| Region | Port | Data center Location | URL |
| --- | --- | --- | --- |
| United States | 443 | cds-usw001.mvision.trellix.com | https://cds-usw001.manage.trellix.com/ds/v2/results |
| United States | 443 | cds-usw002.mvision.trellix.com | https://cds-usw002.manage.trellix.com/ds/v2/results |
| United States | 443 | cds-usw003.mvision.trellix.com | https://cds-usw003.manage.trellix.com/ds/v2/results |
| United States | 443 | cds-usw004.mvision.trellix.com | https://cds-usw004.manage.trellix.com/ds/v2/results |
| India | 443 | cds-ind001.mvision.trellix.com | https://cds-ind001.manage.trellix.com/ds/v2/results |
| Frankfurt | 443 | cds-eu001.mvision.trellix.com | https://cds-eu001.manage.trellix.com/ds/v2/results |
| Sydney | 443 | cds-au001.mvision.trellix.com | https://cds-au001.manage.trellix.com/ds/v2/results |
| Singapore | 443 | cds-sgp001.mvision.trellix.com | https://cds-sgp001.manage.trellix.com/ds/v2/results |
NOTE: For more information, see KB90878 - Ports and URLs needed for Trellix ePolicy Orchestrator - SaaS communication through a firewall.
The adc.log file records the following success and failure entries:
Successful connection to the Trellix CDS server:
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Debug: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request processed with Response 204
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Info: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request success with Response 204
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:0
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_request_handler.Info: Total upload time taken(adc upload + get response) 78.000000 ms.
HTTP CODE 204 — No Content: It means that a request has succeeded, but that the client doesn't need to navigate away from its current page.
Failed connection to the Trellix CDS server:
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Debug: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request processed with Response 408
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 408
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:63
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_request_handler.Error: failed to send data to CDS server, rc = 63
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_request_handler.Info: Total upload time taken(adc upload + get response) 313.000000 ms.
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_request_handler.Error: Failed to send data, Propogate error code(63)
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_dxl.Error: Failed to start adc request handler, others rc:63
HTTP CODE 408 — Request Timeout: It means that the server would like to shut down this unused connection. It's sent on an idle connection by some servers, even without any previous request by the client.
If the Directory Service test connection fails under the Trellix ePO - SaaS console, you see the error message below:
Error: LDAP authentication failed at Active Directory Connector. Check the Active Directory credentials provided.
The adc.log file records the authentication failure with the error code 62 and response code 401 as below:
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Debug: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request processed with Response 401
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 401
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:62
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_request_handler.Error: failed to send data to CDS server, rc = 62
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_request_handler.Info: Total upload time taken(adc upload + get response) 57.000000 ms.
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_request_handler.Error: Failed to send data, Propogate error code(62)
2022-10-09 14:26:34.226 ad_connector(2860.1396) adc_dxl.Error: Failed to start adc request handler, AUTH FAILURE
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_iam.Info: ADC token message Upload to MA Successfully
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_iam.Debug: Old ADC token memory flused
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_iam.Debug: Total time taken get token 490.000000 ms.
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_dxl.Debug: Got ADC token for CDS upload, rc:0
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_dxl.Debug: Started Processing the event
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_client.Info: ldap client connect start
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: ldap connection start by domain
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: Looking up Ldap servers via DNS for domain: oxygen.local
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: Resolved oxygen.local to movempepo.oxygen.local via SRV-Record
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: Resolved oxygen.local to movempepo.oxygen.local via A-record
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Debug: Found Ldap servers via DNS for domain oxygen.local
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_crypto.Debug: decrypted successfully
2022-10-09 14:26:34.733 ad_connector(2860.1396) adc_ldap_connection.Error: ldap bind failed with error (0x31): Invalid Credentials
2022-10-09 14:26:34.733 ad_connector(2860.1396) adc_ldap_client.Debug: ldap client connect end
NOTE: The above log entries are shown from one of the data center URLs as an example. The entries in your log vary with the data center URL for the region that the customer's ADC system connects to.
HTTP CODE 401 — Unauthorized: It means that the client request isn't completed because of invalid authentication credentials for the requested resource.
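The three outcomes described above can be picked out of adc.log automatically. The following Python script is an added example (not Trellix code and not part of the original article): it pairs each CDS response code with the adc_error value logged on the same process/thread and reports LDAP bind failures. It assumes only the record layout and the response/adc_error pairs visible in the excerpts above; the function name `triage` and the verdict strings are chosen here for illustration.

```python
import re

# One adc.log record, in the layout of the excerpts on this page:
# "<date> <time> ad_connector(<pid>.<tid>) <component>.<Level>: <message>"
LINE = re.compile(r"^(?P<ts>\S+ \S+) ad_connector\((?P<thread>\d+\.\d+)\) "
                  r"(?P<comp>\w+)\.(?P<level>\w+): (?P<msg>.*)$")
RESPONSE = re.compile(r"URL\((?P<url>[^)]+)\) request \w+ with Response (?P<code>\d{3})")
ADC_ERROR = re.compile(r"upload ends\. with rc:\d+ and adc_error:(?P<err>\d+)")
LDAP_BIND = re.compile(r"ldap bind failed with error \((?P<code>0x[0-9a-fA-F]+)\): (?P<text>.+)")

# (HTTP response, adc_error) pairs documented on this page; anything else is "unclassified".
VERDICTS = {(204, 0): "upload succeeded",
            (408, 63): "request timeout to CDS",
            (401, 62): "authentication failure"}

def triage(lines):
    """Return one finding per CDS upload attempt or LDAP bind failure, in log order."""
    findings, last_response = [], {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or wrapped line
        thread, msg = m["thread"], m["msg"]
        if r := RESPONSE.search(msg):
            last_response[thread] = (int(r["code"]), r["url"])  # remember until the upload ends
        elif (e := ADC_ERROR.search(msg)) and thread in last_response:
            http, url = last_response.pop(thread)
            pair = (http, int(e["err"]))
            findings.append({"ts": m["ts"], "kind": "upload", "url": url, "http": http,
                             "adc_error": pair[1], "verdict": VERDICTS.get(pair, "unclassified")})
        elif b := LDAP_BIND.search(msg):
            findings.append({"ts": m["ts"], "kind": "ldap_bind", "code": int(b["code"], 16),
                             "verdict": b["text"].strip()})
    return findings

# Lines copied from the adc.log excerpts on this page (trimmed to the relevant records).
SAMPLE = """\
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 408
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:63
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Info: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request success with Response 204
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:0
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 401
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:62
2022-10-09 14:26:34.733 ad_connector(2860.1396) adc_ldap_connection.Error: ldap bind failed with error (0x31): Invalid Credentials
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f)
```

To run it against a live connector, pass the lines of C:\ProgramData\McAfee\AD_Connector\logs\adc.log to `triage` instead of `SAMPLE`; detailed logging must be enabled for the Debug records that carry adc_error to appear.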
If ADC is installed on the system, you can check connectivity to the IAM server in any environment by requesting the URL below:
https://iam.mcafee-cloud.com/iam/v1.0/.well-known/openid-configuration