
AD groups not working in enterprise console for sub-estates and roles

We have 2 domains in our forest, Domain 1 and Domain 2. Sophos
Enterprise Console is installed on a server in Domain 1. When trying to configure
roles and sub-estates both domains are seen but you can only use groups from
domain 1 in roles and sub-estates. Admins from domain 2 have to be set up individually;
the groups from domain 2 don't work. Is there a setting that needs to be
changed to make it so that groups from both domains will work?

This thread was automatically locked due to age.
  • Hi,

    Can you get some RBA tracing by doing the following:

    1. Close all Enterprise Consoles that are open.

    2. Stop the "Sophos Management Service" service.

    3. Add the following registry keys to the management server:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Trace\{48502EEA-4629-4dd6-9D67-CBB1A80C29A4}]

    @="TraceRBA"

    "ErrorLevel"=dword:00000003

    Please adjust accordingly for a 64-bit OS.

    4. Start the "Sophos Management Service"

    5. Download and start DebugView (on the management service machine), available from: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

    Remember to "run as administrator" as required.  

    Under the "Capture" menu choose: "Capture Global Win32" and "Capture Win32" if they exist

    6. Launch Enterprise Console as the user for whom it fails when set up as you would expect it to work.


    DebugView should populate with verbose logging of the significant components which can be saved as a log file and should help to determine the problem.  Maybe paste, or link to the log here.

    Do you see any access denied entries? I wonder if the management service, as it is running as system, doesn't have sufficient rights to query the other domain. If this is the case I would expect to see "ACCESS DENIED" entries.

    Note: Please remember to remove the above keys once complete and you will also need to restart the Sophos Management Service.

    Regards,

    Jak
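
The tracing steps in the reply above, scripted in PowerShell as an added example (not part of the original post and not Sophos code). It assumes that "adjust accordingly for a 64-bit OS" means the 32-bit registry view under Wow6432Node; the function names and the log path are hypothetical.

```powershell
# Added example: toggles the RBA trace key from the post and scans a saved DebugView log.
# Run from an elevated PowerShell session on the management server, with all consoles closed.
$Guid = '{48502EEA-4629-4dd6-9D67-CBB1A80C29A4}'   # trace key name from the post
$ServiceDisplayName = 'Sophos Management Service'    # service name from the post

function Get-RbaTraceKeyPath {
    # Assumption: on 64-bit Windows the key belongs in the 32-bit view (Wow6432Node).
    $software = if ([Environment]::Is64BitOperatingSystem) { 'SOFTWARE\Wow6432Node' } else { 'SOFTWARE' }
    "HKLM:\$software\Sophos\Trace\$Guid"
}

function Enable-RbaTrace {
    # Steps 2-4: stop the service, write the key, start the service.
    $svc = Get-Service -DisplayName $ServiceDisplayName -ErrorAction Stop
    Stop-Service -InputObject $svc -Force
    $key = Get-RbaTraceKeyPath
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(Default)' -Value 'TraceRBA'
    New-ItemProperty -Path $key -Name 'ErrorLevel' -PropertyType DWord -Value 3 -Force | Out-Null
    Start-Service -InputObject $svc
}

function Disable-RbaTrace {
    # Cleanup from the closing note: remove the key and restart the service.
    $key = Get-RbaTraceKeyPath
    if (Test-Path -Path $key) { Remove-Item -Path $key -Recurse }
    Restart-Service -DisplayName $ServiceDisplayName -Force
}

function Find-AccessDenied {
    param([Parameter(Mandatory)][string]$LogPath)   # log file saved from DebugView
    # Case-insensitive search; returns the line number and text of each hit.
    Select-String -LiteralPath $LogPath -Pattern 'access denied' -SimpleMatch |
        ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line.Trim() }
}

# Usage (log path is hypothetical):
#   Enable-RbaTrace
#   ...reproduce the failure with DebugView capturing, then save the log...
#   Find-AccessDenied -LogPath 'C:\Temp\rba-trace.log'
#   Disable-RbaTrace
```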
