How do I establish secure communication between ATP (EDR) and AD?
search cancel

How do I establish secure communication between ATP (EDR) and AD?

book

Article ID: 173993

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

  • Need to enable secure communication between Advanced Threat Protection (ATP) or Endpoint Detection and Response (SEDR) and Active Directory (AD).
  • Where do I find the required AD certificate?
  • How do I update the certificate for AD in ATP or EDR?

 

Environment

Endpoint Detection and Response 4.0 or later

Advanced Threat Protection 3.0 or later

Cause

  • You are configuring Active Directory (AD) in EDR so that AD users can login and use the EDR web user interface.
  • You have configured AD in EDR and you need to renew a certificate that is expiring or has expired.

Resolution

To export the AD certificate from the AD server and upload/update it in EDR:

  1. Log on to the AD server
  2. Click Start > Type MMC and press Enter to open MMC
  3. Click File > Add/Remove Snap-in, click to add certificates to selected snap-ins, select computer account, select local computer, click Finish, click OK.
  4. Expand Certificates > Personal > Certificates
  5. Right click the AD certificate > select All Tasks > click Export
  6. Upload that AD certificate to the AD connection in the SEDR web user interface
    1. On the left navigation pane, click
      Settings 
      >
      Users 
      >
      Active Directory
      .
    2. Click
      +Add Domain
      .
    3. Check to ensure all fields are filled in correctly according to your environment's configuration
      • IMPORTANT: the NetBIOS name field is required as of SEDR 4.3
    4. Check the box to upload or attach the new or updated certificate.

Additional Information

  • See the Symantec EDR documentation on the Broadcom Support Portal for Integrating Symantec EDR with Microsoft Active Directory
    • https://support.broadcom.com/ > Symantec Enterprise Security > Documentation > Endpoint Security and Management > Endpoint Detection and Response (EDR)
  • See Unable to log in with AD credentials after the update to SEDR 4.3 if you are unable to login using AD credentials.