kwcheng__FTNT

"Deny access to this computer from the network" cause FAC unable to bind admin account

Hi team

Was anyone aware that the "Deny access to this computer from the network" option will cause the FAC to fail to bind the admin account for LDAP polling (prompted error 52e)?

 

For more information regarding this setting, you can refer to the following Microsoft link:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protec...

Log details screenshot: [image: log detail.png]

>> This issue is resolved once that option is disabled.

>> Hope anyone can provide some insights.

Regards

Patrick

FortiAuthenticator

Do you need to configure a static route when passing an apple from left hand to right hand?
pminarik
Staff

Hi,

That Microsoft article you linked makes it very clear that this option is a "danger zone" and you should be very careful with it.


Anyway, this should not be a surprise. Event Log polling for FSSO needs to read the DC's event log, and for that it must authenticate first, using network logon. And similar for other functions that need to talk to a DC.

[ corrections always welcome ]
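
An added example, not part of the thread and not Fortinet or Microsoft code: one way to confirm whether a bind account is caught by this user right is to export the DC's user rights with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and compare the account's token SIDs against `SeDenyNetworkLogonRight`. The INF text, SIDs, account and function names below are constructed for illustration.

```python
import configparser

# Constructed sample of a `secedit /export /areas USER_RIGHTS` file.
# All SIDs are made up; RID 1105 stands for a hypothetical "deny network logon" group.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_INF = f"""\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeDenyNetworkLogonRight = *S-1-5-32-546,*{DOMAIN}-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

def read_right(inf_text, right):
    """Return the principals (SIDs or unresolved names) assigned a user right."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the case of names such as SeDenyNetworkLogonRight
    cp.read_string(inf_text)
    raw = cp.get("Privilege Rights", right, fallback="")
    # Entries are comma separated; resolved principals are written as *SID.
    return {e.strip().lstrip("*").upper() for e in raw.split(",") if e.strip()}

def network_logon_verdict(inf_text, token_sids):
    """token_sids: the account's own SID plus the SID of every group in its token."""
    token = {s.upper() for s in token_sids}
    denied_by = sorted(token & read_right(inf_text, "SeDenyNetworkLogonRight"))
    allowed_by = sorted(token & read_right(inf_text, "SeNetworkLogonRight"))
    # The deny right takes precedence: one matching SID blocks network logon
    # even when the account is also covered by the allow right.
    return {
        "can_logon": bool(allowed_by) and not denied_by,
        "denied_by": denied_by,
        "allowed_by": allowed_by,
    }

# Hypothetical bind account (RID 1604) that is a member of group RID 1105.
BIND_TOKEN = [f"{DOMAIN}-1604", f"{DOMAIN}-1105", "S-1-1-0", "S-1-5-11"]
# Hypothetical account with no membership in the denied group.
OTHER_TOKEN = [f"{DOMAIN}-1700", "S-1-1-0", "S-1-5-11"]

if __name__ == "__main__":
    print(network_logon_verdict(SAMPLE_INF, BIND_TOKEN))
    print(network_logon_verdict(SAMPLE_INF, OTHER_TOKEN))
```

A real export is normally UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text in.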