Defender 5.8 - Administrator Guide

Defender Security Server messages

Build <Build Version>
UTC bias <the offset in minutes from Coordinated Universal Time>
Info: User <User Name> found as user <Distinguished Name of the User> Session ID: <User’s Session ID>
User <User Name> changed Windows Password Session ID: <User’s Session ID>
User <User Name> changed Defender Password Session ID: <User’s Session ID>
User <User Name> authenticated with Defender Password Session ID: <User’s Session ID>
User <User Name> authenticated with Active Directory Password Session ID: <User’s Session ID>
User <User Name> authenticated with GrIDsure Token Session ID: <User’s Session ID>
User <User Name> authenticated with token <Token> Session ID: <User’s Session ID>
User <User Name> authenticated with Defender Password Session ID: <User’s Session ID>
User <User Name> authenticated with Active Directory Password Session ID: <User’s Session ID>
PIN Expired <User Name>
Attempting to connect to <Domain Controller> at <Domain>
Authenticating to GC @ <Global Catalog Server>:<Port> with <Admin User Name from configuration> (<Administrator User Name> on <Domain>)
Authenticating to <Domain Controller>:<Port> with <Admin User Name from configuration> (<Administrator User Name> on <Domain>)
Authenticating to <Domain Controller>:<Port> with auto negotiate
Authenticated to GC @ <Global Catalog Server>:<Port>
Authenticated to directory @ <Domain Controller>:<Port>
Failed to authenticate to GC @ <Global Catalog Server>:<Port> (<LDAP Error Code>, <LDAP Error Message>)
Failed to authenticate to directory @ <Domain Controller>:<Port> (<LDAP Error Code>, <LDAP Error Message>)
Failed to connect using SSL to <Domain Controller>:<Port>
Failed to connect to <Domain Controller>:<Port>
DNS lookup of <Domain Controller>
Using this Global Catalog @ <Global Catalog Server> for <Domain>
Connected to <Base Distinguished Name> @ <Domain Controller> <Domain>)
Connected to <Domain Controller> @ <Domain>
ldap connection <Connection Id> invalid to <Domain> (closing)
Using this Global Catalog @ <Global Catalog Server>
Using Global Catalog @ <Global Catalog Server>
Using Site Global Catalog @ <Global Catalog Server>
Using this Global Catalog @ <Global Catalog Server>
Connection to <Domain Controller> took <Number> seconds
<[GC / Domain]> Search from <Domain Controller> for <Search Criteria> took <Number> seconds
<[GC / Domain]> Search from <Domain Controller> took <Number> seconds
Found GC Server <Base Distinguished Name>
Failed to extract DN for <Base Distinguished Name>
Found Server <Base Distinguished Name>
Connected to <Domain>:<Port Number> @ <Active Directory Address> (<Domain Controller>)
LDAP failed (<LDAP Error Code>) getting NASSObject <Access Node Distinguished Name>
LDAP failed (<LDAP Error Code>) writing DSS status
Info: Policy <Policy Distinguished Name> Session ID: <Session Id>
Info: Policy <Policy Distinguished Name> Session ID: <Session Id>
LDAP failed (<LDAP Error Code>) getting Radius Payload <RADIUS Payload Distinguished Name>
Malformed NetScreen request: Access-Request for <User Name> from <IP Address>:<Port> through NAS:<Access Node> Request ID: <Id> Session ID: <Session Id>
LDAP failed (<LDAP Error Code>) getting token data for <Token Distinguished Name>
Permanent software-token license <Token Distinguished Name>
Valid temporary software-token license <Token Distinguished Name> - expires <Date>
Failed to start NAS device <Access Node> (<Defender Security Server>) Bound to TCP address <IP Address>:<Port>
Failed to start NAS device <Access Node> (<Defender Security Server>) Bound to UDP address <IP Address>:<Port>
Failed to bind to <IP Address>:<Port>
Removing NAS device <Access Node> @ <IP Address>:<Port>
Terminating agent connection for <Defender Security Server>
Updating NAS device <Access Node> @ <IP Address>:<Port>
Terminating agent connection for <Defender Security Server>
DSS found @ <Defender Security Server Distinguished Name>
NAS device <Access Node> (<Defender Security Server>) Bound to TCP address <IP Address>:<Port>
NAS device <Access Node> (<Defender Security Server>) Bound to UDP address <IP Address>:<Port>
LDAP failed (<LDAP Error Code>) writing data for <Token Distinguished Name>
LDAP failed (<LDAP Error Code>) writing token data for <Token Distinguished Name>
Failed (SDB) writing token data for <Token Distinguished Name>
LDAP failed (<LDAP Error Code>) writing user data for <User Distinguished Name>
SEND FAILED Radius response: Access-Challenge User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
SEND FAILED Radius response: Authentication Rejected, User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
SEND FAILED Radius response: Authentication Acknowledged, User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
SEND FAILED Radius response: User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
Radius response: Access-Challenge User-Name: <User Name> Request ID: <Id> Session ID <Session Id>
Radius response: Authentication Rejected User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
Radius response: Authentication Acknowledged User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
Radius response: User-Name: <User Name>, Request ID: <Id> Session ID <Session Id>
Radius request: Access-Request for <User Name> from <IP Address>:<Port> through NAS: <Access Node> Request ID: <Id> Session ID: <Session Id>
Reason: User account <User Name> disabled Session ID <Session Id>
User account <User Name> disabled Session ID <Session Id>
Reason: User <User Distinguished Name> not valid for this route Session ID <Session Id>
LDAP failed (<LDAP Error Code>) finding user <User Name>
authentication abandoned user <User Name> Session ID: <Session Id>
Radius request: Access-Request (proxied to <Access Node> <IP Address>:<Port>) for <User Name> from <IP Address>:<Port> through NAS:<Access Node> Request ID: <Id> Session ID: <Session Id>
Radius packet (proxy reply) from: <IP Address>:<Port>:<Reply Code>, User-Name: <User Name>, Request ID: <Id>
Agent Request: User-Check for <User Name> from <IP Address>:<Port> through NAS: <Access Node>
Radius response: Authentication Rejected User-Name: <User Name>, Request ID: <Id> Session ID: <Session Id>
Radius response: Authentication Rejected User-Name: <User Name>, Request ID: <Id> Session ID: <Session Id>
Agent <Agent Name> connecting
Agent <Agent Name> connection refused
Duplicate agent <Agent Name> registered
Agent <Agent Name> authenticated and online
Agent <Agent Name> connection rejected
Agent Request: Access-Request for <User Name> from <IP Address>:<Port> through NAS: <Access Node> Session ID: <Session Id>
Agent response: Access-Approved for <User Name>, from <IP Address>:<Port> through NAS: <Access Node> Session ID: <Session Id>
Agent response: Access-Denied for <User Name>, from <IP Address>:<Port> through NAS: <Access Node> Session ID: <Session Id>
Agent Request: Call Ended by <User Name>, from <IP Address>:<Port> through NAS: <Access Node> Session ID: <Session Id>
Agent <Agent Name> disconnected due to receive failure
Agent <Agent Name> disconnected due to inactivity
Agent <Agent Name> disconnected due to send failure
Agent <Agent Name> disconnected
Starting handler <Id> for UDP <IP Address>: port <Port>
Handler <Id> for UDP <IP Address>: port <Port> Terminated <Error Code>
Handler <Id> for UDP <IP Address>: port <Port> Failed (<Number of Errors>) <Error Code> retrying
Stopping handler <Id> for UDP <IP Address>: port <Port>
LDAP failed (<LDAP Error Code>) finding user <User Name>
User account <User Name> disabled
Radius Request from <IP Address>:<Port> Request ID: <Id>
Radius request: Access-Request for <User Name> from <IP Address>:<Port> through NAS: <Access Node> Request ID: <Id> Session ID: <Session Id>
Radius request: Access-Request for <User Name> from <IP Address>:<Port> through NAS: <Access Node> Request ID: <Id> Session ID: <Session Id>
NO USER ID Radius request: Access-Request from <IP Address>:<Port> through NAS: <Access Node> Request ID: <Id> Session ID: <Session Id>
Defender SMS: Unable to send SMS: Failed to send OTP to <User Name> on <Phone Number> Session ID: <Session Id>
Defender SMS: OTP sent to <User Name> on <Phone Number> Session ID: <Session Id>
Defender SMS: Unable to send SMS: No URL is configured in the policy <Policy Distinguished Name> Session ID: <Session Id>
Defender SMS: Unable to send SMS: No provider is configured in the policy <Policy Distinguished Name> Session ID: <Session Id>
Defender E-mail OTP: Unable to send e-OTP: Failed to send OTP to <User Name> on <E-mail Address> Session ID: <Session Id>
Defender E-mail OTP: OTP sent to <User Name> on <E-mail Address> Session ID: <Session Id>
Defender E-mail OTP: Unable to send e-mail OTP: User <User Name> has no e-mail address Session ID: <Session Id>
Defender E-mail OTP: Unable to send eMail: Required username and password for authorisation type <Authentication Type> not configured in the policy <Policy Distinguished Name> Session ID: <Session Id>
Defender E-mail OTP: Send failed (<Error Code>), will retry in <Retry Time>ms
Defender Messaging Provider: Unable to send Message: Unrecognised provider <Provider Type> in the policy <Policy Distinguished Name> Session ID: <Session Id>
Defender Messaging Provider: Sending Message: Type <Provider Type> Session ID: <Session Id>
Defender Messaging Provider: Unable to send Message: Failed to create message provider <Provider Type> in the policy <Policy Distinguished Name> Session ID: <Session Id>
found token <Token Distinguished Name>
<Token Distinguished Name> ok
Using Directory @ <Active Directory Address>:<Port>
Started <Number> authentication handlers
Started <Number> agent handlers
Info: User <User Name> found as user <User Distinguished Name> Session ID: <Session Id>
User <User Name> changed Windows Password Session ID: <Session Id>
User <User Name> changed Defender Password Session ID: <Session Id>
User <User Name> authenticated with Defender Password Session ID: <Session Id>
User <User Name> authenticated with Active Directory Password Session ID: <Session Id>
User <User Name> authenticated with GrIDsure Token Session ID: <Session Id>
User <User Name> authenticated with token <Token> Session ID: <Session Id>
PIN Expired <User Name>
Reason: Ambiguous user name <User Name> Session ID <Session Id>

Appendix F: Defender Client SDK

Installing Defender Client SDK

1. Run the DefenderClientSDK.exe file supplied in the Defender distribution package.

Application Programming Interfaces (APIs)
