Hi.
I am having a problem with STAS authentication. Users log on and are detected in Live Users - Sophos XG. After a few minutes the users are disconnected.
STAS is running with an account that has WMI access on the stations. The attached image shows that running WMI in CMD the connection succeeds. Running on STAS I have access denied.
Firmware Version 17.1.3-m3, STAS version 2.2.3.0.
I found in the logs the following:
DEBUG [0x818] 16/11/2018 15:59:32: wrkstpoll_workerthread_wmi: connecting to WMI Namespace '\\ 192.168.1.131 \ root \ cimv2'
MSG [0x818] 11-16/2018 15:59:32: wrkstpoll_workerthread_wmi: username:. \ Sophos
DEBUG [0x1b54] 11-16/2018 15:59:32: logoff_detector: callback submitted
ERROR [0x818] 11-16/2018 15:59:33: wrkstpoll_workerthread_wmi: couldnt connected to WMI Namespace '\\ 192.168.1.131 \ root \ cimv2': 0x80070005
DEBUG [0x818] 16/11/2018 15:59:34: wrkstpoll_workerthread_wmi: connecting to WMI Namespace '\\ 192.168.1.131 \ root \ cimv2'
MSG [0x818] 11-16/2018 15:59:34: wrkstpoll_workerthread_wmi: username:. \ Sophos
ERROR [0x818] 11-16/2018 15:59:34: wrkstpoll_workerthread_wmi: could not connected to WMI Namespace '\\ 192.168.1.131 \ root \ cimv2': 0x80070005
DEBUG [0x818] 11/16/2015 15:59:35: wrkstpoll_workerthread_wmi: connecting to WMI Namespace '\\ 192.168.1.131 \ root \ cimv2'
MSG [0x818] 11-16/2018 15:59:35: wrkstpoll_workerthread_wmi: username:. \ Sophos
ERROR [0x818] 16/11/2018 15:59:35: wrkstpoll_workerthread_wmi: could not connected to WMI Namespace '\\ 192.168.1.131 \ root \ cimv2': 0x80070005
ERROR [0x818] 11/16/2015 15:59:35: wrkstpoll_workerthread_wmi: WMI Namespace Connect Retry Exceeded for '\\ 192.168.1.131 \ root \ cimv2'
MSG [0x818] 11/16/2018 15:59:35: wrkstpoll_handle_logoff_req: Request received from Logoff Detector
ERROR [0x818] 11/16/2018 15:59:35: userbd_delete_userinfo: trying to delete user
ERROR [0x818] 11-16/2018 15:59:35: userdb_delete_userinfo: UserInfo deleted successfully
Has anyone ever experienced this?
This thread was automatically locked due to age.
