Threatpulse Auth Connector (BCCA) unable to see users in the AD tree


<< Back to Knowledge Search

Solution

Overview

Threatpulse Auth Connector (BCC) unable to see users in the AD tree
The auth connector is in a resource tree and not the main production tree where the users live
The auth connector runs and connects to the Cloud
BCCA debug log does not show any users being uploaded from the interesting domain.

Cause
Resolution

The resourse domain, or the domain in which BCCA resides, does not have sufficient Active Directory rights to view objects in the main or production AD tree.  It is possible that a two way domain trust does not exist between the two trees.  To resolve the issue, install BCCA onto a member or domain controller located in the main production tree, or establish a two way trust between the two domains.

TROUBLESHOOTING:

BCCA and BCAAA share common debugging parameters.  (Please refer to 000010313 for information on how to enable a BCAAA debug and Windows SSO debug.  Both of those debugging parameters work in BCCA.)  Use the BCAAA debug parameters in the BCCA.INI file.

Please do the following steps:

1.)  Enable BCCA and WindowsSSO debugging for the Threatpulse auth connector.  See 000010313 above for details.
2.)  Once the parameters have been place in the appropriate INI files, then stop and start the BCCA service on the Windows server.
3.)  Perform your testing and get the appropriate files as described in 000010313.
4.)  If there are no users in the WindowsSSO debug files, then the issue is related to insufficient rights.

 

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4581
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      Cloud Authentication Connector
Topic      Authentication, Debugging
Article Number      000013989
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat