Active Directory login is unavailable after upgrading the DLP Enforce server
Last Updated June 14, 2019
The ability to log in with Active Directory credentials is not available after upgrading Symantec Data Loss Prevention (DLP).
The built-in Administrator account can be used.
DLP 15.0 MP1
DLP 15.5 MP1
The upgrade of your Enforce server may have removed the springSecurityContext.xml file required to enable Active Directory authentication. If the springSecurityContext.xml file is present, check its contents around lines 95-102 and see whether the following bean definition is missing:
<!-- Set krbConfLocation in System properties -->
<bean class="org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig">
    <!-- krb5 configuration file location. For example C:\SymantecDLP\Protect\config\krb5.ini on Windows or /opt/Vontu/Protect/config/krb5.conf on Linux -->
    <property name="krbConfLocation" value="C:\SymantecDLP\Protect\config\krb5.ini" />
</bean>
To restore functionality:
On your Enforce server, the backup file is located at:
"\SymantecDLP\Protect\updates\SymantecDLPEnforceBackup\SymantecDLPEnforceBackup_126.96.36.199028\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml"
If springSecurityContext.xml needs to be replaced, rename the current version of the file, then copy the good backup .xml file here:
\SymantecDLP\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml
With the backup in place, restart the VontuManager service. Active Directory functionality will be restored.
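The check and file replacement described above, as an added Python example (not Symantec's own tooling, and not part of the original article). It goes one step beyond the article by refusing a backup that itself lacks the Kerberos bean; the timestamped .bak name is an assumed convention, and restarting the VontuManager service is left to the administrator.

```python
import shutil
import sys
import time
import xml.etree.ElementTree as ET
from pathlib import Path

# Bean class quoted in the article; Active Directory login needs it.
KRB_BEAN = "org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig"


def krb_conf_location(context_file):
    """Return krbConfLocation ("" if unset), or None if the file or bean is missing."""
    path = Path(context_file)
    if not path.is_file():
        return None
    for elem in ET.parse(path).iter():
        # Compare local names so any Spring namespace declaration is accepted.
        if elem.tag.rsplit("}", 1)[-1] == "bean" and elem.get("class") == KRB_BEAN:
            values = [p.get("value", "") for p in elem if p.get("name") == "krbConfLocation"]
            return values[0] if values else ""
    return None


def restore_from_backup(context_file, backup_file):
    """Rename the current file (if present) and copy the backup into place."""
    current, backup = Path(context_file), Path(backup_file)
    # Added safeguard: do not overwrite with a backup that lacks the bean too.
    if krb_conf_location(backup) is None:
        raise ValueError(f"{backup} does not contain the {KRB_BEAN} bean")
    renamed = None
    if current.exists():
        # Assumed naming convention: keep the old file beside the new one.
        renamed = current.with_name(current.name + time.strftime(".%Y%m%d-%H%M%S.bak"))
        current.rename(renamed)
    shutil.copy2(backup, current)
    return renamed


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: <live springSecurityContext.xml> [<backup springSecurityContext.xml>]")
    location = krb_conf_location(sys.argv[1])
    if location is not None:
        print(f"Kerberos bean present, krbConfLocation={location!r}")
    elif len(sys.argv) > 2:
        old = restore_from_backup(sys.argv[1], sys.argv[2])
        print(f"Backup copied into place (previous file: {old}); restart VontuManager.")
    else:
        sys.exit("Kerberos bean or file missing; pass the backup path to restore it.")
```

Run it with the live WEB-INF path as the first argument and the backup path from the upgrade folder as the second; without the second argument it only reports and changes nothing.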