Overview and workflow of Active Directory Connector in Trellix ePolicy Orchestrator - SaaS
Last Modified: 2024-05-06 07:00:46 Etc/GMT
Technical Articles ID:
KB96055
Environment
Trellix ePolicy Orchestrator (ePO) - SaaS
Active Directory Connector (ADC)

Summary

Overview
There are two ways in which you can use the Active Directory (AD) in Trellix ePO - SaaS:
ADC: This component is deployed from Trellix ePO - SaaS, which connects to the customer's AD and uploads the user and system data to sync with ePO.
ADC-supported operating system:
How to register the AD with Trellix ePO - SaaS:
Active Directory Connector Service: Background details:
Source URLs for ADC
NOTE: For more information, see KB90878 - Ports and URLs needed for Trellix ePolicy Orchestrator - SaaS communication through a firewall.

Successful connection to the Trellix CDS server:
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Info: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request success with Response 204
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:0
2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_request_handler.Info: Total upload time taken(adc upload + get response) 78.000000 ms.

HTTP CODE 204 — No Content: It means that a request has succeeded, but the client doesn't need to navigate away from its current page.
Failed connection to the Trellix CDS server:
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 408
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:63
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_request_handler.Error: failed to send data to CDS server, rc = 63
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_request_handler.Info: Total upload time taken(adc upload + get response) 313.000000 ms.
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_request_handler.Error: Failed to send data, Propogate error code(63)
2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_dxl.Error: Failed to start adc request handler, others rc:63

HTTP CODE 408 — Request Timeout: It means that the server would like to shut down this unused connection. It's sent on an idle connection by some servers, even without any previous request by the client.
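Added example (not Trellix code): a small triage script for ADC log entries in the line format this article shows, reporting each CDS upload result and each LDAP bind failure, including the 401 case shown further down. The names `triage`, `SAMPLE` and `HTTP_NOTE` are assumptions of this example; the sample lines are copied from the article's log excerpts.

```python
import re

# Line shape taken from the log excerpts in this article:
#   <date> <time> ad_connector(<pid>.<tid>) <module>.<Level>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"ad_connector\((?P<pid>\d+)\.(?P<tid>\d+)\) "
    r"(?P<module>\w+)\.(?P<level>\w+): (?P<msg>.*)$"
)
UPLOAD_RE = re.compile(
    r"URL\((?P<url>[^)]+)\) request (?P<outcome>success|failed) "
    r"with Response (?P<code>\d{3})"
)
BIND_RE = re.compile(r"ldap bind failed with error \((?P<code>0x[0-9a-fA-F]+)\): (?P<text>.+)")

# Names of the three response codes this article explains.
HTTP_NOTE = {204: "No Content", 408: "Request Timeout", 401: "Unauthorized"}

def triage(lines):
    """Return one finding per CDS upload result or LDAP bind failure."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ad_connector entry in the expected shape
        up = UPLOAD_RE.search(m["msg"])
        bind = BIND_RE.search(m["msg"])
        if up:
            code = int(up["code"])
            findings.append({"ts": m["ts"], "kind": "cds_upload", "code": code,
                             "ok": up["outcome"] == "success",
                             "note": HTTP_NOTE.get(code, "not covered here"),
                             "target": up["url"]})
        elif bind:
            findings.append({"ts": m["ts"], "kind": "ldap_bind",
                             "code": int(bind["code"], 16), "ok": False,
                             "note": bind["text"].strip(), "target": None})
    return findings

# Sample lines copied from the log excerpts in this article.
SAMPLE = [
    "2022-10-09 13:04:13.126 ad_connector(2860.10688) adc_ma.Info: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request success with Response 204",
    "2022-08-22 09:15:05.606 ad_connector(6084.5640) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 408",
    "2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 401",
    "2022-10-09 14:26:34.733 ad_connector(2860.1396) adc_ldap_connection.Error: ldap bind failed with error (0x31): Invalid Credentials",
    "2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_crypto.Debug: decrypted successfully",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["ts"], f["kind"], f["code"], "OK" if f["ok"] else "FAIL", f["note"])
```

LDAP result code 0x31 (decimal 49) is the standard invalidCredentials code, so an `ldap_bind` finding points at the AD service account rather than at the path to the CDS server.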
If the Directory Service test connection fails under the Trellix ePO - SaaS console, you see the error message below:
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Error: URL(https://cds-eu001.manage.trellix.com/ds/v2/results) request failed with Response 401
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_ma.Debug: ADC network upload ends. with rc:0 and adc_error:62
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_request_handler.Error: failed to send data to CDS server, rc = 62
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_request_handler.Info: Total upload time taken(adc upload + get response) 57.000000 ms.
2022-10-09 14:26:34.219 ad_connector(2860.1396) adc_request_handler.Error: Failed to send data, Propogate error code(62)
2022-10-09 14:26:34.226 ad_connector(2860.1396) adc_dxl.Error: Failed to start adc request handler, AUTH FAILURE
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_iam.Info: ADC token message Upload to MA Successfully
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_iam.Debug: Old ADC token memory flused
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_iam.Debug: Total time taken get token 490.000000 ms.
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_dxl.Debug: Got ADC token for CDS upload, rc:0
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_dxl.Debug: Started Processing the event
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_client.Info: ldap client connect start
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: ldap connection start by domain
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: Looking up Ldap servers via DNS for domain: oxygen.local
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: Resolved oxygen.local to movempepo.oxygen.local via SRV-Record
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Info: Resolved oxygen.local to movempepo.oxygen.local via A-record
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_ldap_connection.Debug: Found Ldap servers via DNS for domain oxygen.local
2022-10-09 14:26:34.717 ad_connector(2860.1396) adc_crypto.Debug: decrypted successfully
2022-10-09 14:26:34.733 ad_connector(2860.1396) adc_ldap_connection.Error: ldap bind failed with error (0x31): Invalid Credentials
2022-10-09 14:26:34.733 ad_connector(2860.1396) adc_ldap_client.Debug: ldap client connect end

NOTE: The log entries above are shown from one of the data center URLs as an example, and the log entries vary based on the respective URL from which the region customer ADC system is connected.

HTTP CODE 401 — Unauthorized: It means that the client request isn't completed because of invalid authentication credentials for the requested resource.

If ADC is installed on the system, you can check connectivity to the IAM server in any environment by executing the URL below: