Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1818 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Authentication service restarting constantly

Carlos Cesario

Hello folks,

We are facing a several problem with auth service.

Currently we have XG 210 - firmware  SFOS 17.5.9 MR-9  with STAS authentication service enabled and it seems that authentication service in SFOSare restarting with frequency, killing all users authenticated.

The same problem reported in thsese posts

https://community.sophos.com/products/xg-firewall/sfos-eap/v17/f/sfos-v170-beta-feedback/96214/access-server-dead?pi2349=3
https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/117195/authentication-service-restarting?pi2147=2

Each time that I see these messages in log viewer, the service kill all my authenticated users

 

Does someone has any solution for this!?

 

Regards

Carlos



This thread was automatically locked due to age.
  • 0

    Should be investigated by Sophos Support.

    Recommend to disable NTLM for all Zones in Devices Access. 

    Do you use Synchronized Heartbeat? 

  • 0

    Hello  

    Sorry to hear you are having this problem.

    Can you go to the advance console, option 3 and then option 5 when you login via SSH.  Once there, please run command: grep -i 'segfault' /log/syslog.log*

    Post the output here.  If there are any segfaults related to access_server, then you are affected by a known issue that a patch is available for.  If you do not have segfaults then we will need your configuration of STAS on the XG.

    Thanks!

  • 0 in reply to LuCar Toni

    Hi  thanks for tips.

    But I already have NTLM disabled for all Zones and I don't use the Synchronized Heartbeat

     

    Regards

    Carlos

  • 0 in reply to KingChris

    Hello  thanks by reply.

    It seems there are a lot off segfaults, look it

     

    XG210_WP03_SFOS 17.5.9 MR-9# grep -i 'segfault' /log/syslog.log*
    Jan 27 10:33:11 (none) user.info kernel: [151852.585340] access_server[24717]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffdb6bb0 error 4 in access_server[8048000+10b000]
    Jan 27 10:42:06 (none) user.info kernel: [152387.889329] access_server[19983]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff823d90 error 4 in access_server[8048000+10b000]
    Jan 27 12:42:19 (none) user.info kernel: [159607.028356] access_server[25134]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff8b63d0 error 4 in access_server[8048000+10b000]
    Jan 27 12:43:32 (none) user.info kernel: [159680.685352] access_server[28902]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffa90360 error 4 in access_server[8048000+10b000]
    Jan 27 13:01:59 (none) user.info kernel: [160788.190918] access_server[30135]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff994b10 error 4 in access_server[8048000+10b000]
    Jan 27 15:11:52 (none) user.info kernel: [168589.103226] access_server[8672]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd66e30 error 4 in access_server[8048000+10b000]
    Jan 27 15:16:47 (none) user.info kernel: [168883.436625] access_server[3246]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffbf1120 error 4 in access_server[8048000+10b000]
    Jan 27 15:51:15 (none) user.info kernel: [170953.577103] access_server[6518]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd75110 error 4 in access_server[8048000+10b000]
    Jan 27 17:07:08 (none) user.info kernel: [175511.122921] access_server[25812]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff835040 error 4 in access_server[8048000+10b000]
    Jan 28 09:35:22 (none) user.info kernel: [234859.317260] access_server[2685]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff855e00 error 4 in access_server[8048000+10b000]
    Jan 28 09:47:50 (none) user.info kernel: [235607.615698] access_server[5282]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd99aa0 error 4 in access_server[8048000+10b000]
    Jan 28 10:07:08 (none) user.info kernel: [236766.716635] access_server[12700]: segfault at 4b4 ip 0000000008079eaa sp 00000000fff657b0 error 4 in access_server[8048000+10b000]
    Jan 28 10:49:51 (none) user.info kernel: [239332.876512] access_server[25048]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd4fb90 error 4 in access_server[8048000+10b000]
    Jan 28 11:00:34 (none) user.info kernel: [239976.166640] access_server[17400]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd16e80 error 4 in access_server[8048000+10b000]
    Jan 28 12:34:12 (none) user.info kernel: [245598.882811] access_server[23480]: segfault at 4b4 ip 0000000008079eaa sp 00000000fff43a40 error 4 in access_server[8048000+10b000]
    Jan 28 15:29:14 (none) user.info kernel: [256110.793807] access_server[10045]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffff6300 error 4 in access_server[8048000+10b000]
    Jan 29 08:52:06 (none) user.info kernel: [318740.335702] access_server[29086]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd5dee0 error 4 in access_server[8048000+10b000]
    Jan 29 09:17:54 (none) user.info kernel: [320289.981566] access_server[16026]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffa598b0 error 4 in access_server[8048000+10b000]
    Jan 29 11:56:47 (none) user.info kernel: [329831.559392] access_server[988]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffae0e20 error 4 in access_server[8048000+10b000]
    Jan 29 12:38:24 (none) user.info kernel: [332330.999264] access_server[31035]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffce5d90 error 4 in access_server[8048000+10b000]
    Jan 29 12:52:03 (none) user.info kernel: [333150.715333] access_server[21019]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffc7a220 error 4 in access_server[8048000+10b000]
    Jan 29 13:52:50 (none) user.info kernel: [336800.980187] access_server[17380]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff858230 error 4 in access_server[8048000+10b000]
    Jan 29 17:52:53 (none) user.info kernel: [351217.077099] access_server[28462]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff981fb0 error 4 in access_server[8048000+10b000]
    Jan 29 17:54:21 (none) user.info kernel: [351305.375088] access_server[24889]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd83470 error 4 in access_server[8048000+10b000]
    Jan 30 09:03:55 (none) user.info kernel: [405929.651653] access_server[26094]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffba2a10 error 4 in access_server[8048000+10b000]
    Jan 30 09:58:21 (none) user.info kernel: [409198.395686] access_server[13156]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff9059d0 error 4 in access_server[8048000+10b000]
    Jan 30 10:38:19 (none) user.info kernel: [411598.840973] access_server[14071]: segfault at 4b4 ip 0000000008079eaa sp 00000000fff40fc0 error 4 in access_server[8048000+10b000]
    Jan 30 10:58:23 (none) user.info kernel: [412803.326744] access_server[7463]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffa01770 error 4 in access_server[8048000+10b000]
    Jan 30 11:53:32 (none) user.info kernel: [416115.036438] access_server[22281]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffd1b410 error 4 in access_server[8048000+10b000]
    Jan 30 12:53:41 (none) user.info kernel: [419727.675183] access_server[29198]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffebb7c0 error 4 in access_server[8048000+10b000]
    Jan 30 14:30:51 (none) user.info kernel: [425563.678236] access_server[17154]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffba0de0 error 4 in access_server[8048000+10b000]
    Jan 30 15:00:18 (none) user.info kernel: [427331.422288] access_server[27144]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffa60460 error 4 in access_server[8048000+10b000]
    Jan 30 15:16:38 (none) user.info kernel: [428313.025984] access_server[13698]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffba6410 error 4 in access_server[8048000+10b000]
    Jan 30 15:54:08 (none) user.info kernel: [430564.358424] access_server[27032]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffa382b0 error 4 in access_server[8048000+10b000]
    Jan 30 16:54:34 (none) user.info kernel: [434193.757042] access_server[20729]: segfault at 4b4 ip 0000000008079eaa sp 00000000ff89d220 error 4 in access_server[8048000+10b000]
    Jan 30 18:35:55 (none) user.info kernel: [440280.873344] access_server[27656]: segfault at 4b4 ip 0000000008079eaa sp 00000000ffaec3d0 error 4 in access_server[8048000+10b000]

    If apply, could you please make available the patch!?

    Best regards
    Carlos

  • 0 in reply to Carlos Cesario

    Hello  

    Thanks for that information.

    By the state of the log file, yes you are affected by a known bug.

    If you are a paid user and NOT a home user, please log a case and reference this post including your output of the syslog.log file.

    Thanks!

  • 0 in reply to KingChris

    Hi  

    Yes we are a PAID user :)

     

    I will proceed with the case. 

    Thank you!

     

    regards

    Carlos

  • 0 in reply to Carlos Cesario

    Hi  

    Please DM me the case number so that we can track it.

    Thanks!