
STAS doesn't work anymore after 2nd DC demote

Hello,

I have a problem on an XG210 (V17.1) of my customer.

The STAS worked well for weeks but stopped working this weekend after the old DC was demoted.


The STAS was collecting the information from the two DCs and it was working. The customer decided to demote the old DC (old server going to be thrown away). The STAS software suite was installed on the two DCs and was uninstalled on the old DC after it was demoted. We then deleted the old DC's IP from the collector list in the 2nd DC's STAS settings, and deleted the old DC's IP in the STAS settings on the XG as well.

 

Then the problems happened. All the live users are now not being shown online anymore in the XG's reports, and logs are reporting problems with credentials for all users, as shown in this screenshot:

But in the STAS suite settings we can see the live users showing well: 

 

I thought that the problem was that users who had been created by the old DC in the XG no longer worked because the DC changed (even though the two DCs cohabited for weeks), so I created a new user in the new DC and logged in on a server, but the issue is still the same.

For information: the SSL VPN is configured with AD Auth and it works well, the issue is only in the STAS.

I have many customers who have multiple DCs with XG and STAS working well, and now I'm afraid that if I have to demote another DC, it will break STAS...

 

Thank you for your help.

 

Viken NAJARIAN



This thread was automatically locked due to age.
  • I tried more things today to understand why STAS doesn't work anymore, but it didn't help... I created a new VM, installed Active Directory services on it, promoted it as an additional DC in the domain, and installed STAS on it to check whether the other DC was the problem, but the issue was still the same with the new DC... So I demoted this one... I also downgraded the firmware to 17.08 MR8 but the problem was still present... So I upgraded again to 17.1 GA but no luck, the issue is still there... Still searching for how to get STAS working again... If someone has any advice... Thanks

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • Hi,

    Could you share the authentication server and service tabs as screenshots?

  • Hi, here are the screenshots.

     

    Nothing changed except that the old DC has been demoted and deleted from the authentication server and service tab.

     

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • Did you already open a Sophos support case?

  • Yes, I opened a support case at the same time I posted the issue on the community, to double the chances of finding the problem.

    The case ID is 8197301 and I'm still waiting for an answer...

     

    Thanks.

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • Hi Viken,

    First, I would uninstall the STAS suite from the AD server and reinstall it; refer to the following KB article for the installation steps: https://community.sophos.com/kb/en-us/123156.

    Purge the AD users by navigating to Configure Authentication > Users and clicking Purge AD Users. Now reconfigure the AD server settings on the XG and import the groups; refer to https://community.sophos.com/kb/en-us/123158.

    You need to be specific with these steps and follow the exact order as I mentioned. Finally, try to authenticate a user. Any help?

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello Sachin,

     

    I already uninstalled and reinstalled STAS from this AD server several times, but it's still the same issue.

    I didn't purge the AD users because if I purge the users, ALL the users will need to download a new SSL VPN configuration, because a new certificate will be generated per user, and that is not possible at the moment. I already deleted a test user and reimported it and it still doesn't connect to the XG by STAS.


    The problem is really weird...


    Thanks.

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • Did you create a user in a new AD group, import this group in the XG and then try to authenticate?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I have not tried that yet, but I will try it and tell you the result.

     

    It's really weird that it is only the users connected through STAS that the XG refuses to authenticate, while those same users, with the same user accounts on the XG (through AD), can successfully connect with SSL VPN...

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France