STAS not working properly on Domain Controller with multiple NICs

Hi,

 

I found that STAS is not working properly on Domain Controllers with multiple network interfaces attached (subnets). 

 

(nic#1 - 192.168.0.10/24) <DC> (nic#2 - 10.17.12.10/24)

nic#1 is used for networking and nic#2 is used for iSCSI, for example.

During STAS installation and configuration there is no option to select the interface to listen on.
With "netstat -aobn" you can find that STAS bound itself to all interfaces (0.0.0.0), but in reality it doesn't work on the 192.168.0.10 address.
The tests in the Advanced tab (agent and collector) are successful to 10.17.12.10, but fail with 192.168.0.10!

The only workaround we found is to temporarily disable the iSCSI interface and restart the STAS service.
This works until STAS is restarted again... which is causing misbehavior.


I have successfully reproduced this issue on multiple setups and environments. (latest version of STAS is also affected)


Any suggestions?



  • STAS will list for you "SOPHOS UPDATE MANAGER" user activities and maybe one or two other administrators.  That's it, that's all.  All other users are "Unknown" and unlisted.

    Symantec's Domain Controller client, called "dcinterface", installs like "click", "click", done and working.  No "never ending" and nonsense config orgy.

    I was told months ago by Sophos staff STAS was being re-written from scratch.  They might as well have the idea to have a single client for all of their products.

    Paul Jr 

  • Currently I have successfully installed several STAS installations in customer environments. Most of the time, the issues appear in case of some kind of WMI block.

    And if the WMI cannot check the client, STAS will log off the client. 

    For these kinds of "scenarios" I use the SSO Client in XG. So basically deploy the software via GPO script to all clients and they will report to XG without STAS / DC involved. Works fine in all other scenarios.

    Another point is, V17.5 will implement this SSO client in the Endpoint. So basically no need to implement anything in the customer network. Just roll out the Central Endpoint and Synchronized User ID will log in all clients directly as live users in XG.

    To get back to the topic. Did you already talk about this to Sophos Support? Most likely they can give you a Bug ID for this.

  • WMI (Windows Management, now part of "MI") is something we try to use extensively here.  For better or worse.  We develop internally our own applications.  So .Net, WMI scripts, and all.   This is not as solid and polished as it should be.  There are many "multi connections" issues with it ...

    V17.5, at least on paper, will ease our life as I understand it.  I did not implement SSO via policy because, I am sometimes lazy, but also,  heuuuuu, how can I say that politely ???   I have been waiting for v18 more than a year.  I really did not wish XG development took so long.  It seems now we will be waiting at least another year.

    Paul Jr 

  • Hi,


    This issue was raised by one of the customers we support. Previously I encountered the same in other installations and customer's setups, but always ignored it, because it was not critical for them.

    Yes, I opened a ticket with the support, but the customer won't allow us to "play" in their environment.
    So I decided to install STAS on my domain controllers and to my surprise all agent / collector tests are failing no matter how many NICs / IPs.

    The ticket is on hold until I find a way to reproduce the faulty behavior in my setup or find a client willing to assist.

    What are those tests anyway? Is it a socket test (L4) or is it testing L7 logic somehow?

    Best Regards!

  • Hi,


    I was able to make some progress on that matter.
    It looks to me that the tests for agent and collector in the STAS Advanced tab are completely unreliable.
    STAS is authenticating users despite both of the tests failing....


    Cheers!