To ensure that users are being identified correctly, start with the following procedure:
Steps
- Log on to a machine whose users do not appear to be getting identified properly.
- Open a browser and navigate to 4 or 5 distinctive websites.
- Go to the DC Agent machine and check the Windows Event Viewer for error messages. If error messages appear, see:
- DC Agent: Error Code 1058 (seen on startup)
- DC Agent: ERROR_ACCESS_DENIED - 5
- DC Agent: ERROR_BAD_NETPATH - 53
- If there are no errors, open the Forcepoint Security Manager and use Real-Time Monitor or investigative reports to see if your Internet activity (in step 2) was logged as the correct user.
- If the correct user name appears associated with the requests, there may be a policy configuration issue, rather than a user identification issue. Use the Check Policy tool
in the Security Manager to troubleshoot the issue.
- If the user name is incorrect, see DC Agent doesn’t see some or all users.
- If no user name information appears, verify that DC Agent and User Service are able to communicate with your directory service, and that the Windows Computer Browser
service is enabled on the DC Agent machine.
To enable the Computer Browser service, open the Windows Services tool, right-click Computer Browser, and select Properties. Change
the Startup type selection to Automatic, then click Start.
Next steps
You can also use either Real-Time Monitor, in the Security Manager, or the command- line TestLogServer utility, located on the Log Server machine, to verify that user names are
being associated with Internet requests.