Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 3258 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client Authentication Agent constant disconnects

Gary Parr

Over the past few days, several machines with the authentication agent started disconnecting.  Sometimes restarting the agent would resolve the issue, sometimes rebooting the machine would work. Today, none of the authentication agents would stay connected for more than 5 seconds. Looking at XG itself I could find no immediate issues or logs indicating an issue. I did notice however that the authentication service seemed to be randomly showing up as stopped. I didn't have too much time to go digging for logs since the wife was trying to do some on-line holiday shopping, so I rebooted XG.  That didn't work.  I then downgraded from MR-9 to MR-8 and that seems to have solved the issue.

When I have some time, I'm gong to put MR-9 back on and see what I can find. Does anyone have insight into this or suggestions on where to start looking?  I thought the release notes for 9 mentioned improved stability w/ regards to user authentication...

Thanks,

Gary Parr



This thread was automatically locked due to age.
Parents
  • +1

    Hi  

    Apologies you are having an authentication issue.

    By the sounds of things you are indeed affected by a known issue that Sophos has a patch for.  This bug is fixed in the next release, v17.5MR10.

    You have 2 options:

    1. Log a case with support and provide an output of the following command from the "Advance Shell": grep -i 'segfault' /log/syslog.log*.  You can update to MR9 prior to patch install or stay on MR8 and request patch for that version.
    2. Create clientless users based on MAC address and assign them to the appropriate firewall user rule and disable CAA.

    Thanks!

  • 0 in reply to KingChris

    Excellent news, thank you.

    I'm a home user, so no support option. Will the patch be made generally available for MR-9?  If not, I can wait until MR-10.

     

    Thanks,

    Gary Parr

Reply Children
  • 0 in reply to Gary Parr

    Hello  

    Unfortunately its not possible to configure this patch as a hotfix.  It requires manual download and then installation.

    Thanks!

  • 0 in reply to KingChris

    I'm game! Honestly, most of the home users on this forum would probably be fine with manual installs. Run a few shell scripts here, ln some fs there, sudo make me a sandwich and all that. After all, we've already accepted the risk of running an enterprise grade firewall without any support outside this forum itself. Having patch downloads available to forum members would be absolutely fantastic! But, I do understand why it might get... interesting putting those out for download by the masses. So, fair enough. I'll be eagerly awaiting MR-10.

    Thanks again,

    Gary Parr