XG 18.0.5 - Unable to delete Authentication -> Servers

I am trying to delete a demoted DC in the XG GUI under Authentication - Servers but somehow this entry is not removed. I will get a message saying it will take time and I need to check the log viewer for the status.

Under Admin in the Log Viewer it states that I have deleted an authentication server. Still it is not removed from the GUI even after a day.

After this removal there will be 2 valid entries remaining.

Any ideas?

Fred



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Do you see error events in the postgres.log file?

    Log in to SSH > 5. Device Management > 3. Advanced Shell

    # tail -f /log/postgres.log

    => Try to delete the authentication server from the list and share session output here or in PM.

  • Hi Yash,

    The output is: 

    19942 2021-10-05 17:08:54.860 GMTERROR:  update or delete on table "tblauthserverconfig" violates foreign key constraint "tblsmtpprofile_adserver_fkey" on table "tblsmtpprofile"
    19942 2021-10-05 17:08:54.860 GMTDETAIL:  Key (id)=(3) is still referenced from table "tblsmtpprofile".
    19942 2021-10-05 17:08:54.860 GMTSTATEMENT:  delete from tblauthserverconfig where id=$1
    19942 2021-10-05 17:08:54.861 GMTERROR:  current transaction is aborted, commands ignored until end of transaction block
    19942 2021-10-05 17:08:54.861 GMTSTATEMENT:  SELECT txid_current()

    So it seems the AD server is still referenced somewhere and in order to retain referential integrity the operation aborted. I can however not find it in the GUI. It is no longer enabled as a means of authentication. So that is not it.

    We are no longer using the XG for SMTP scanning but recall that it was possible to set Email Recipient Verification from AD. I do not see where to configure that in the GUI. It is in legacy mode. It matches tblsmtpprofile.

    Another option coming to mind is that I used this AD server to import Users and Groups. I can also not find where that setting is configured. 

    I might be overlooking something in the GUI menu.

    TIA,

    Fred

  • As I learned from the output, the issue was referential integrity. In the past we used MTA mode for email scanning, and when you enable that, the domain policy shows again, as it is not removed when switching to legacy mode. It remains stored in the database tables, and in our domain policy we checked for valid recipient addresses using the authentication server I now want to remove. So in order to solve the issue: enable MTA mode again, go to the domain policy, change the authentication server, save, change back to legacy mode and go to authentication, and now you are able to remove the server directly without any delay.
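
The postgres.log excerpt in this thread already names the table that blocks the delete. As an added example (not part of the original posts and not Sophos code), the Python below pairs each foreign-key ERROR with its DETAIL and STATEMENT lines and also accepts the 80-column wrapped form a terminal produces; the line-prefix pattern is an assumption taken from the lines shown in the thread, and the function names are hypothetical.

```python
import re

# Assumed from the thread's output: "<pid> <date> <time> <TZ><KIND>:  <msg>", plus PostgreSQL's FK wording.
RECORD = re.compile(r"^(?P<pid>\d+) (?P<ts>\d{4}-\d\d-\d\d [\d:.]+) "
                    r"[A-Z]+?\s?(?P<kind>ERROR|DETAIL|STATEMENT):\s+(?P<msg>.*)$")
FK_ERROR = re.compile(r'update or delete on table "(?P<parent>[^"]+)" violates foreign '
                      r'key constraint "(?P<constraint>[^"]+)" on table "(?P<child>[^"]+)"')
FK_DETAIL = re.compile(r'Key \((?P<column>[^)]+)\)=\((?P<value>[^)]+)\) is still referenced')
# The five log lines from the thread, with the 80-column terminal wrapping undone.
SAMPLE = '''\
19942 2021-10-05 17:08:54.860 GMTERROR:  update or delete on table "tblauthserverconfig" violates foreign key constraint "tblsmtpprofile_adserver_fkey" on table "tblsmtpprofile"
19942 2021-10-05 17:08:54.860 GMTDETAIL:  Key (id)=(3) is still referenced from table "tblsmtpprofile".
19942 2021-10-05 17:08:54.860 GMTSTATEMENT:  delete from tblauthserverconfig where id=$1
19942 2021-10-05 17:08:54.861 GMTERROR:  current transaction is aborted, commands ignored until end of transaction block
19942 2021-10-05 17:08:54.861 GMTSTATEMENT:  SELECT txid_current()
'''

def records(lines):
    """Return one dict per log record, re-joining terminal-wrapped continuation lines."""
    out = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = RECORD.match(line)
        if m:
            out.append(m.groupdict())
        elif out and line.strip():
            out[-1]["msg"] += line  # wrapped remainder of the previous record
    return out

def blocked_deletes(lines):
    """Return each foreign-key violation with the key and statement logged after it."""
    found, pending = [], {}
    for rec in records(lines):
        pid, kind, msg = rec["pid"], rec["kind"], rec["msg"].strip()
        fk = FK_ERROR.search(msg) if kind == "ERROR" else None
        if fk:
            pending[pid] = dict(fk.groupdict(), pid=pid, ts=rec["ts"])
            found.append(pending[pid])
        elif kind == "ERROR":
            pending.pop(pid, None)  # a different error ends the pairing
        elif pid in pending and kind == "DETAIL":
            detail = FK_DETAIL.search(msg)
            pending[pid].update(detail.groupdict() if detail else {})
        elif pid in pending and kind == "STATEMENT":
            pending.pop(pid)["statement"] = msg
    return found

if __name__ == "__main__":
    print(*blocked_deletes(SAMPLE.splitlines()), sep="\n")
```

The `child` and `constraint` fields of each result identify which feature's stored configuration still points at the server, which is the clue that led to the domain policy in this thread.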