
17.5 Broke SSL VPN.

After the upgrade to 17.5, SSL VPN authentications are no longer working.

Authentication fails with log entry:

2019-01-15 22:45:09 Authenticationmessageid="17711" log_type="Event" log_component="SSL VPN Authentication" log_subtype="Authentication" status="Failed" user="xxx@xxx" user_group="" client_used="N/A" auth_mechanism="Local,AD" reason="" src_ip="192.168.2.221" message="User xxx@xxx.com failed to login to SSLVPN through Local,AD authentication mechanism because of " name="" src_mac=""

User portal access works for the same user, with or without OTP.

No changes other than the upgrade have been made.



  • Hi Kimmo,

    I had a single user report this today. Nothing made sense, as the User portal was fine etc., and the access_server.log in the CLI in debug mode simply said Auth Failed due to username and password error. Checked in AD and there were no auth requests there (which is odd).

    So I deleted the user from the XG Auth interface, re-logged them into the user portal, re-downloaded the SSL VPN config (which will have changed when you deleted and re-made the user after logging in) and they were able to connect.

    I have not heard of or seen this with any of our other v17.5 customers on SSL VPN, but your description and log line are exactly what I had today and that's how I fixed it.

    Hope that helps,

    Emile

  • Need to test that then. Luckily this was in a LAB setup. Asking 100s of users to redownload the profile is nothing I would like to perform after major updates.

  • As I said, this only happened to one user out of all of the users running SSL VPN on the XG. I would not expect the entire userbase to be affected, but if it was not mission critical I would have done more diagnostics. What I would recommend doing is actually raising a case with Sophos and getting this deep dived, because that could be an issue they'd like to be aware of.

    Emile

  • Seems AD integration is more or less broken.

    Cannot remove the problematic user as I get the error "User could not be deleted. A firewall rule, VPN connection or web policy rule exists for this user."

    OK, so I removed the user from the ACL_VPN_Access security group that is being used to give access to VPN and is also used in the FW rule. Same error.

    Moved the user to a different OU than the one being synced to XG and used the purge AD users option on XG. The user still remains in the system and cannot be removed.
