Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 11532 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STAS doesn't working anymore after 2nd DC demote

VikenNajarian

Hello,

I have a problem on a XG210 (V17.1) of my custommer.

The STAS worked well for weeks but stopped working this week end after the old DC has been demoted.


The STAS was collecting the informations of the two DCs, it was working, and the custommer decided to demote the old DC (old server going to be thrown away), the STAS sofware suite was installed on the two DCs and has been uninstalled on the old DC after being demoted. We then deleted the old DC's IP from the collector list in the 2nd DC stas settings, and deleted the old DC's IP in the STAS settings on the XG aswell.

 

Then the problems happened. All the live users are now not being viewed online anymore in the XG's reports and logs are reporting problems with credentials for all users as shown in this screenshot: 

But in the STAS suite settings we can see the live users showing well: 

 

I thought that it was a problem with users who have been created by the old DC into the XG that they don't work anymore because the DC changed (even if the two DCs cohabited for weeks), so I created a new user in the new DC, and logged in onto a server, but the issue is still the same.

For information: the SSL VPN is configured with AD Auth and it works well, the issue is only in the STAS.

I have many custommers who have multiple DC's with XG and STAS working well, and now I'm afdraid if I will have to demote another DC and if it will break STAS...

 

Thank you for your help.

 

Viken NAJARIAN



This thread was automatically locked due to age.
  • 0 in reply to VikenNajarian

    Hi Viken,

    First, I would uninstall the STAS suite from the AD server and reinstall it, refer to the following KB article for the installation steps: https://community.sophos.com/kb/en-us/123156.

    Purge the AD user by navigating to Configure Authentication > Users and click Purge AD Users. Now reconfigure the AD server settings on the XG, and import the groups, refer to, https://community.sophos.com/kb/en-us/123158.

    You need to be specific with these steps and follow the exact order as I mentioned. Finally, try to authenticate a user, any help?

    Thanks,

  • 0 in reply to sachingurung

    Hello Sachin,

     

    I already Uninstalled and reinstalled STAS from this AD server several times but still the same issue.

     

    I didn't purge the AD users because if I purge the users it will be needed by ALL the users to download a new SSL VPN configuration because a new certificate will be generated per users and it's not a possible thing at the moment. I already deleted a test user and reimported it and it still doesn't connect to the XG by STAS.


    The problem is really weird...


    Thanks.

  • 0 in reply to VikenNajarian

    Did you create a user in a new AD group, import this group in the XG and then tried to authenticate?

    Thanks

  • 0 in reply to sachingurung

    I did not try that yet but I will try it and will tell you the result.

     

    It's really weird that there are only the users connected through STAS that the XG refuses to authenticate, but those same users with the same users account under the XG (through AD) can successfully connect with SSL VPN...

  • +1

    I just resolved this issue today.

    It was all my bad...


    Sorry for all of you that wasted your time trying to help me on this case.

    It was due to a typing error in the active directory domain in the "autenthication - servers" tab, the Netbios domain was right, but the active directory was wrong... It was divSerscite.grp instead of diverscite.grp...

    Sorry again and thanks.