
Safeguard Active Directory hanging on import

So our AD container is actually a Microfocus / Novell eDirectory tree running Directory Services for Windows, which creates a fake AD. Anyway, it works as a normal AD and we can browse it and look at stuff happily as far as the Windows Servers are concerned... But when I try to import it into Sophos we seem to get stuck at 40% on most of the branches of our tree.

Is there a detailed log I can view to see what it's getting hung up on? It seems to be getting stuck when it's doing Groups. Not sure if I even actually need any groups, just users?

Any help where to look is greatly appreciated. I've found the reset to try again stuff, and two branches of our tree that have users but no groups have all imported fine; any with groups get stuck.



  • Hello fellow Novell/MicroFocus/AD mix!!! I'm in the same boat too!

    This will probably be a permissions issue for the user that's trying to sync/import from the directory. As you do a sync is it possible to click the bottom left and see more detail about what it's doing. You'll probably see that you'll get the error "The user logged on to the directory has insufficient read rights"

    Worth trying another more powerful user or indeed creating a bespoke user for the import routine. A few failures can be ignored as not ALL objects will be read but you'll probably not need this data and it'll skip and complete.

  • Thanks for your help, that makes sense. I'll give it a go.

    Running Safeguard Management Centre, do you log in to the actual Safeguard server as a Domain Admin or the local admin account on the Safeguard PC?

    As when I log in as a Domain Admin, it redoes the Safeguard Management Console config, and says it cannot connect to the database. BUT, if I log in via the local admin it all opens up correctly and I get as far as the issue mentioned above, which I'll work on today by trying different users.

  • Hi Stephanie.

    Yes - Seen this many times, so many times in fact I got sick of following the wizard and made my own "solution" when creating a new AD based account.

    1 - Log on to a SafeGuard protected workstation (a normal PC/laptop with Sophos SafeGuard installed) as the "new" AD user you wish to add to the console.

    2 - Allow the "Initial User Sync" to take place.

    3 - On the console - Find the user (right click search)

    4 - Select this user and right click and select "Make this user a security officer". **

    5 - Tick the permissions you wish to assign to them.

    6 - Go to the root of the directory (top left hand side) Select the root of your domain. - Access tab. Make sure the new user has access (drag them in if needed) Save.

    7 - Navigate to C:\Users\userthatcanlogin\AppData\Local\Utimaco\SafeGuard Enterprise\Configuration

    8 - Copy this entire folder (The Configuration one)

    9 - Paste this into the SAME location on the new user - C:\Users\userthatcantloginyet\AppData\Local\Utimaco\SafeGuard Enterprise\Configuration (Obviously make sure you've already logged into the server as that user so their profile exists)

    10 - Log off as user that works and in as user that doesn't. Launch console. Wizard should now skip through the initial configuration and prompt for the user creds. Select your "new" user and enter their AD password and log in. If access (step 6) is set correctly they should now be good to go!

    ** If you can't make the user a security officer and get this error - Log off the workstation and back on again and give Sophos a chance to do the initial user sync.

    Hope this helps?

  • Thank you, all of this is invaluable info.

    With regards to the initial sync of the users... If I untick the synchronise memberships then it works and allows me to import the users. Which is a big step forward. I'm not sure how many of the groups I need to synchronise as I'm not sure how much it's going to be group based.

    But without that I can at least get a list of all our users into it... Getting somewhere :)

  • Well done, good work!

    Happy to help!
