Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 29 subscribers
  • Views 30145 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STAS user disconnect after 2 minutes

Tam Ben-Jusu

I have a Windows AD domain with 1 domain controller.

I have an AD user that logs in, appears in STAS and has WAN access. Within 2 minutes that user is disconnected and drops out of Show Live Users.

The XG230 shows a successful log-out of that user even when they haven't log out.

The user then gets presented with the Captive Portal.

All tests to the client from the STAS are successful, WMI polling, pinging, etc (The firewall is off on the clients).

All tests between the Sophos Agent and Collector are successful (they are on the same domain controller)

All test between the Collector and the XG230 are successful.

Has anyone else experienced this?

 



This thread was automatically locked due to age.
  • 0 in reply to Tam Ben-Jusu

    Very strange!

    Have you rebooted DC?

    Workstation Polling Method is WMI?

    If "Enable Logoff Detection" is checked -> Can you change "default logoff detection interval" in STAS from 600 seconds to 1800 sec; dead entry timeout to 0.

  • 0 in reply to GabrieleD

    I have tried both WMI Polling and  Registry Read method for log off detection.

    Problem persists. I had a user logged in and authenticated with STAS. I left the client pinging an external IP address and within a few minutes the user was logged out.

    The username disappeared from STAS and was listed on the XG as a 'successful log out'.

    I will change log off detection interval and dead entry time out.

  • 0 in reply to Tam Ben-Jusu

    Open a support ticket.... I finished all my cartridges!

  • 0 in reply to GabrieleD

    hahahahaha... many thanks Gabriele.. you've had great suggestions..

    I opened a ticket weeks ago, had 1 phone call and now nothing... 

    I have found SO many complaints about this on the message boards.

    Some say it is to do with Remote Desktop sessions appearing to the XG as local logon sessions.. some say it is services running with administrator privileges (so that the XG thinks the user has logged off and an administrator has logged on) and some say that WMI Polling doesn't work...

    To my favourite which just says - 'STAS logoff detection simply doesn´t work'

    Many thanks again for all of your help.

  • 0 in reply to Tam Ben-Jusu

    This issue also affects myself and my customers. Logging this and several other issues and Sophos just say its a configuration issue and we need to pay for their Professional Services

  • 0

    Hi Mathew,

    Were you able to resolve this issue? I'm facing the same problem.

    In my case, it happens only with some computers. Some settings:

    Sophos XG 135

    Computer:
    Windows 10 Pro
    Sophos Endpoint Security Advanced + Intercept X

    The other settings, such as STAS, are similar to yours.

    Thanks,

    Translated by Google Translate

    Alvaro

  • 0 in reply to Alvaro Rodrigues

    Apologies for the late response, Alvaro..

    Sophos support have been unable to solve this issue for weeks. 

    Like you, it happens on some machines here more than on others.

    Basically it looks like STAS  (log-off detection) just doesn't work!!