
Defender 6.6 - Administration Guide


Step 3: Gather further diagnostics

If Step 1: Determine type of failure and Step 2: Verify Defender configuration have not resolved the issue, further diagnostics may be required.

The following information may help diagnose the issue when you raise a case with One Identity Support.

Default location of the Defender Security Server log files

%ProgramFiles%\One Identity\Defender\Security Server\Logs

User and token information that may be required

  • Confirmation of token type and serial number.
  • What is the user ID of the user affected?
  • Which organizational unit stores the user’s account in Active Directory?
  • Does the user have more than one token assigned to their account?
  • Has the user ever successfully logged on with this token? If so, when was the last time the user successfully logged on with the token?
  • What is the error the user sees when they try to log on?
  • Do other or all users authenticating via the same route (for example, VPN) experience the same issue?
  • Can a helpdesk response be assigned for this user successfully?
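The directory-side items in this checklist and the Security Server logs can be collected in one pass. The script below is an added example, not part of the Defender product or this guide. It assumes the ActiveDirectory PowerShell module is installed, that it runs on the Defender Security Server, and that defender-tokenUsersDNs (an attribute of defender-tokenClass, see Appendix D) holds the distinguished names of the users a token is assigned to; the parameter names and output folder are hypothetical.

```powershell
# Added example: gathers the AD-side checklist items and the log files for one user.
param(
    [Parameter(Mandatory)] [string] $UserId,   # sAMAccountName of the affected user
    [string] $OutDir = (Join-Path $env:TEMP "defender-case-$UserId")  # hypothetical folder
)
Import-Module ActiveDirectory
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# User ID and the organizational unit that stores the account:
# the parent container is everything after the first unescaped comma of the DN.
$user     = Get-ADUser -Identity $UserId
$parentOu = ($user.DistinguishedName -split '(?<!\\),', 2)[1]

# Escape the DN before placing it in an LDAP filter (RFC 4515), backslash first,
# so names such as "Smith\, John (Contractor)" cannot alter the filter.
$dn = $user.DistinguishedName.Replace('\', '\5c').Replace('*', '\2a').
          Replace('(', '\28').Replace(')', '\29')

# Assumption: defender-tokenUsersDNs lists the DNs of the assigned users.
# defender-tokenData is deliberately not read; the checklist does not ask for it.
$props  = 'defender-id', 'defender-tokenType', 'defender-tokenDate'
$filter = "(&(objectClass=defender-tokenClass)(defender-tokenUsersDNs=$dn))"
$tokens = @(Get-ADObject -LDAPFilter $filter -Properties $props)

# One row per assigned token.
$tokens |
    Select-Object Name, DistinguishedName, 'defender-id', 'defender-tokenType', 'defender-tokenDate' |
    Export-Csv -Path (Join-Path $OutDir 'tokens.csv') -NoTypeInformation

# Summary answering "which OU?" and "more than one token assigned?".
[pscustomobject]@{
    UserId             = $user.SamAccountName
    OrganizationalUnit = $parentOu
    TokenCount         = $tokens.Count
    MoreThanOneToken   = ($tokens.Count -gt 1)
} | Format-List | Out-File -FilePath (Join-Path $OutDir 'user-summary.txt')

# Copy the logs from the default location first (the service may hold the
# originals open), then compress the whole folder for the support case.
$logDir = Join-Path $env:ProgramFiles 'One Identity\Defender\Security Server\Logs'
Copy-Item -Path $logDir -Destination (Join-Path $OutDir 'Logs') -Recurse
Compress-Archive -Path (Join-Path $OutDir '*') -DestinationPath "$OutDir.zip" -Force
```

The remaining items (the error the user sees, the last successful logon, whether other users are affected, the helpdesk response test) still have to be collected by hand.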

Test token

Test the token response in the Active Directory Users and Computers tool: Open the Properties dialog box for the user, click the Defender tab, select the token, click Test, and then enter the token response from the token.

Appendix D: Defender classes and attributes in Active Directory

This appendix provides information about the following Microsoft Active Directory schema object classes and attributes:

Classes defined by Defender

The following is the list of Microsoft Active Directory schema classes that are specifically defined by Defender. Each class has been listed in accordance with the Active Directory schema definitions format as used in the MSDN documentation (for further details, see information on Active Directory Schema published in MSDN at http://msdn.microsoft.com/en-us/library/ms675085(VS.85).aspx). Only attributes that are specific to Defender have been listed; all other attributes are as per the MSDN documentation provided for each respective subclass.

In this section:

defender-tokenClass

  • CN  defender-tokenClass
  • Ldap-Display-Name  defender-tokenClass
  • Governs-Id  1.2.840.113556.1.8000.1267.1.1
  • Object-Category  1
  • Subclass of  Leaf
  • Possible Superiors  Organizational-Unit
  • Update Privilege  Domain or Defender administrator
  • Update Frequency  Records of this type are updated each time a Defender token is created, deleted, or modified.
  • Description  A record of this type is created for each token defined to Defender.

This class contains the following attributes:

 

Table 38: defender-tokenClass attributes

| Attribute | Mandatory |
| --- | --- |
| defender-id | False |
| defender-tokenData | False |
| defender-tokenDate | False |
| defender-tokenType | False |
| defender-tokenUsersDNs | False |
