Step-by-step guide

AD Connector does not appear to be sending Single Sign-On events.

  • Ensure that Logon Events are appearing in the Security Logs. The details should have the username and IP address listed under TargetUserName and IpAddress respectively.

  • Ensure logging is not filling up. If the Security Event Log is full, ADConnector will no longer forward data. Logging settings can be modified by opening the event viewer, right-clicking the Security Event Log and choosing “Properties”. In the dialog window, ensure the “Maximum log size” is sufficient for the system and that either “Overwrite events as needed (older events first)” or “Archive the log when full, do not overwrite events” is selected.

  • Check that the Connector is pointing to the internal IP address of the SafeConnect appliance. In the registry editor, ensure that HKEY_LOCAL_MACHINE\SOFTWARE\ImpulsePoint\ADConnector\serverURL is set to the internal IP address of the appliance. The URL should be in the format http://<ip_address>:8090/restfulservices/addUpdateSession. Replace <ip_address> with the actual internal IP address of the SafeConnect appliance. In a cluster environment, this will be the sessiontracker manager.

  • If all else fails, enable debug logging and send the file to support@impulse.com. To enable the debug log, create a new DWORD value in HKEY_LOCAL_MACHINE\SOFTWARE\ImpulsePoint\ADConnector with the name ‘Log’ and set the value to ‘5’. Once created, restart the ADConnector service. This will create a file called ‘ADSSO_Log.txt’ in the installed location (c:\Program Files\ImpulsePoint\ADConnector by default). Once a log file is generated, set the new registry value back to ‘0’ to disable the debug logging.

  • After enabling debug logging, the following entry is found in the ‘c:\Program Files\ImpulsePoint\ADConnector\ADSSO_Log.txt’ file:

[2/14/2017 10:13:02 AM] at System.Convert.FromBase64String(String s)
at ADEventListener.ADEventWatcher.Start()

This is due to a PowerShell restriction that prevents the installer from creating a necessary registry key. It can be fixed with the following steps:

  • Launch PowerShell as administrator

  • Run the command ‘Get-ExecutionPolicy’ to see the current setting

  • Run the command ‘Set-ExecutionPolicy Unrestricted’ to change it to unrestricted

  • Re-run the Windows Services Installer as normal and then return to PowerShell

  • Run the command ‘Set-ExecutionPolicy Restricted’ to change the settings back
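
The first three checks in this section (logon events, Security log capacity, serverURL format) can be scripted. The following is an added example, not ImpulsePoint's own tooling. It assumes event ID 4624 as the sample logon event, since the guide does not name an ID, and the function names are hypothetical. It validates only the format of serverURL, not that the address belongs to the appliance.

```powershell
# Added diagnostic sketch; run from an elevated PowerShell prompt on the AD Connector host.
# Assumption: event ID 4624 is used as the sample logon event; the guide does not name an ID.
$LogonEventId = 4624
$KeyPath      = 'HKLM:\SOFTWARE\ImpulsePoint\ADConnector'   # registry key from the guide
$UrlPattern   = '^http://(\d{1,3}(\.\d{1,3}){3}):8090/restfulservices/addUpdateSession$'

function Test-LogonEventFields {
    # Check 1: recent logon events exist and carry TargetUserName and IpAddress.
    param([int]$Sample = 20)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $LogonEventId } `
                  -MaxEvents $Sample -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated    = $e.TimeCreated
            TargetUserName = $data['TargetUserName']
            IpAddress      = $data['IpAddress']
            # Local logons record '-' as the address, which gives no client IP.
            Usable         = [bool]($data['TargetUserName'] -and $data['IpAddress'] -and
                                    $data['IpAddress'] -ne '-')
        }
    }
}

function Test-SecurityLogCapacity {
    # Check 2: the Security log must not be full and must overwrite or archive.
    $log = Get-WinEvent -ListLog Security
    [pscustomobject]@{
        MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        UsedPercent = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
        LogMode     = $log.LogMode   # Circular = overwrite, AutoBackup = archive, Retain = neither
        IsLogFull   = $log.IsLogFull
        Ok          = (-not $log.IsLogFull) -and ($log.LogMode -ne 'Retain')
    }
}

function Test-ServerUrl {
    # Check 3: serverURL must match http://<ip_address>:8090/restfulservices/addUpdateSession.
    $url = (Get-ItemProperty -Path $KeyPath -Name serverURL -ErrorAction Stop).serverURL
    $m   = [regex]::Match($url, $UrlPattern)
    $ip  = $null   # TryParse also rejects octets above 255, which the regex alone allows
    $ok  = $m.Success -and [System.Net.IPAddress]::TryParse($m.Groups[1].Value, [ref]$ip)
    [pscustomobject]@{ serverURL = $url; FormatOk = [bool]$ok }
}

Test-LogonEventFields    | Format-Table -AutoSize
Test-SecurityLogCapacity | Format-List
Test-ServerUrl           | Format-List
```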

AD Connector Service does not start automatically on reboot

  • Confirm that the services are set with an “Automatic (Delayed Start)” Startup Type.
