Identity Awareness not enforcing roles for Domain Controller hosting Identity Collector
Symptoms
  • Identity Awareness does not track or enforce the access roles designed for the involved Domain Controller when that Domain Controller hosts the Identity Collector on the same machine.
  • The IP address of the Identity Collector / Domain Controller was added as a Network Filter Inclusion, but the behavior did not change.
  • The following messages appear in the Identity Collector's ia_ag.log file at the time of the issue:
    [NetworkFilter (TD::Important)] NAC::IDCOLLECTOR::NetworkFilter::filter: EventRecordID: 118030361 is in the white list and is in the black list
    [FilterFacade (TD::Events)] NAC::IDCOLLECTOR::FilterFacade::filter: Event reject by network filter
Cause

By default, the server (Domain Controller) IP address is automatically added to the Identity Collector filter. This excludes logins for the Domain Controller, so they are not sent to the Gateway.
The default assumes that only the administrator logs in to the Domain Controller and that those events should not be tracked or sent to the Gateway by the Identity Collector.
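
A triage sketch for the log symptom above, added here as an example and not Check Point code: it scans ia_ag.log text for events that matched both the white list and the black list and were then rejected by the network filter. It assumes the reject message is the next non-blank line after the conflict message, as in the excerpt; the function name and every sample line other than the two quoted above are constructed.

```python
import re
import sys

# Patterns built from the two ia_ag.log messages quoted on this page.
CONFLICT_RE = re.compile(
    r"NetworkFilter::filter: EventRecordID: (\d+) "
    r"is in the white list and is in the black list"
)
REJECT_RE = re.compile(r"FilterFacade::filter: Event reject by network filter")

# Constructed sample: lines 1-2 are the page's excerpt, the rest are made up.
SAMPLE_LOG = """\
[NetworkFilter (TD::Important)] NAC::IDCOLLECTOR::NetworkFilter::filter: EventRecordID: 118030361 is in the white list and is in the black list
[FilterFacade (TD::Events)] NAC::IDCOLLECTOR::FilterFacade::filter: Event reject by network filter
[Constructed] placeholder for an unrelated log line
[FilterFacade (TD::Events)] NAC::IDCOLLECTOR::FilterFacade::filter: Event reject by network filter
[NetworkFilter (TD::Important)] NAC::IDCOLLECTOR::NetworkFilter::filter: EventRecordID: 999 is in the white list and is in the black list
[Constructed] placeholder for an unrelated log line
[NetworkFilter (TD::Important)] NAC::IDCOLLECTOR::NetworkFilter::filter: EventRecordID: 1000 is in the white list and is in the black list
[FilterFacade (TD::Events)] NAC::IDCOLLECTOR::FilterFacade::filter: Event reject by network filter
"""

def find_filter_conflicts(lines):
    """Return EventRecordIDs that hit both lists and were then rejected."""
    rejected = []
    pending = None  # EventRecordID from the most recent conflict line
    for line in lines:
        if not line.strip():
            continue  # ignore blank lines between messages
        match = CONFLICT_RE.search(line)
        if match:
            pending = int(match.group(1))
            continue
        # Assumption: the reject message directly follows its conflict message.
        if pending is not None and REJECT_RE.search(line):
            rejected.append(pending)
        pending = None
    return rejected

if __name__ == "__main__":
    # Pass the path to a copy of ia_ag.log, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            log_lines = handle.read().splitlines()
    else:
        log_lines = SAMPLE_LOG.splitlines()
    for record_id in find_filter_conflicts(log_lines):
        print(f"EventRecordID {record_id}: in both lists, rejected by network filter")
```
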

