Heartbeat using wrong username

Hello,

Is there any way to tell the Heartbeat function to use the AD username format? By default it is using the "local" username format and every Heartbeat attempt ends up as failed.

The strange thing is that some common users like "lunches (obedy)", "office dept" etc. use the AD format by default, and then Heartbeat logs in successfully.

Another strange thing is that although HB fails to log in, there are no missing HBs and all HBs are green.

Thanks

This thread was automatically locked due to age.
  • Heartbeat (on the endpoint) does a check on the format of your username. It checks whether the sAMAccountName plus domain name differs from the UPN. In case it is different, it sends only the sAMAccountName to the firewall. Then the firewall will match it against all AD servers. Check your AD and this particular user. You will find the sAMAccountName under Advanced View.

  • Yeah, the sAMAccountName is really in this format. Now the question is how to handle this situation. I don't really want to change this variable in AD; it might break some other service outside of the Sophos stuff.

    And why is Heartbeat green when almost every user is failing to log in with HB?

  • Hello LuCar Toni,

    I wrote that I will no longer communicate in this thread and I will therefore limit myself to simply stating the facts:


    - You are intentionally using a twisted scenario that does not match the scenario I have been pointing out from the beginning.
    - I could post your own statements in this forum which confirm my statements, including your recommendations on how to work around the problem of poor implementation of Sophos Heartbeat, including your recommendation to rename the internal domain ...
    - I could post to this forum all internal communication between me and my colleague and Sophos developers who will again confirm all my claims.

    Please don't provoke me. That's exactly all from me in this thread.

    Regards

    alda

  • Let's see if my approach will resolve the issue for the customer.

  • First of all, thank you both for spamming my thread :-)

    I don't know how adding the same AD server would help here. The user in this example, "vraspir.kamil", is exactly the same user on the same AD server as vraspir.kamil@*.*.cz, but HB, as you said, is using the sAMAccountName, which is only "vraspir.kamil" in my case, and the users created by the Endpoint on the firewall are in the format vraspir.kamil@*.*.cz, therefore the heartbeats won't get authenticated.

    Adding the same server with a different domain name would help if these unauthenticated HBs were from some second domain (which I don't have), something like vraspir.kamil@whatever.cz.

    Maybe I just don't get your suggestion, so please push me in the right direction if that's the case.

    Thank you!

  • Which domains do you currently have created in SFOS? Could you give us an overview?

  • Just one; it's synchronizing from just one AD server. Also, in the whole network I have just one domain and it's in the format *.*.cz.

  • Can you check this particular user in AD? Check the advanced attributes.

    And:

  • The second domain is for Azure AD Sync and is not used locally.

  • The second domain is likely sent by the Endpoint, as the user is likely using this one.

    If you create the second domain name in SFOS as explained earlier, it should work.

  • That's not possible. The second domain is just an alternative UPN suffix for Azure AD sync; it's not used locally by any means.
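The username-format check described in the replies above (sAMAccountName plus domain compared with the UPN, and only the bare sAMAccountName sent when they differ) and the user@domain list the firewall holds, modelled in Python as an added example. This is not code from the thread or from Sophos: the decision rule is taken from the reply as it was described there and treated as an assumption about the product, and every user, domain and alternative UPN suffix below is constructed. The `diagnose` helper is the check a practitioner would run before rollout: list the accounts whose UPN suffix differs from the AD domain, because those are the ones that would end up sending a name the firewall does not know.

```python
"""Added example: model which username an endpoint would send for Heartbeat
authentication and whether a firewall user list keyed as user@domain would
match it.  The decision rule follows the description in the reply above
(sAMAccountName@domain compared with the UPN; on mismatch only the
sAMAccountName is sent) and is an assumption about the product, not Sophos
code.  All users, domains and suffixes here are constructed sample data."""

from dataclasses import dataclass


@dataclass(frozen=True)
class AdUser:
    """The AD attributes that matter for this check: sAMAccountName,
    userPrincipalName, and the DNS name of the domain the account lives in."""
    sam_account_name: str
    upn: str
    domain: str


def heartbeat_username(user: AdUser) -> str:
    """Username the endpoint would report, per the rule described in the thread
    (assumption): if sAMAccountName@domain equals the UPN, send the UPN;
    otherwise send only the sAMAccountName.  The comparison is case-insensitive,
    as both attributes are in AD."""
    expected = f"{user.sam_account_name}@{user.domain}"
    if expected.casefold() == user.upn.casefold():
        return user.upn
    return user.sam_account_name


def firewall_matches(sent: str, firewall_users: set[str]) -> bool:
    """The firewall-side list in this thread is keyed as user@domain, so a bare
    sAMAccountName only matches if the firewall also knows that form."""
    known = {u.casefold() for u in firewall_users}
    return sent.casefold() in known


def diagnose(users: list[AdUser], firewall_users: set[str]) -> dict[str, tuple[str, bool]]:
    """For each AD user: the name that would be sent and whether it would
    authenticate against the firewall's user list."""
    result: dict[str, tuple[str, bool]] = {}
    for u in users:
        sent = heartbeat_username(u)
        result[u.sam_account_name] = (sent, firewall_matches(sent, firewall_users))
    return result


# Constructed sample data (not from the thread): one AD domain, corp.example,
# plus an alternative UPN suffix, example.com, added for cloud directory sync.
SAMPLE_USERS = [
    # UPN suffix equals the AD domain: the full UPN is sent and matches.
    AdUser("j.doe", "j.doe@corp.example", "corp.example"),
    # UPN uses the alternative suffix: only the sAMAccountName is sent.
    AdUser("k.novak", "k.novak@example.com", "corp.example"),
    # Shared account whose UPN is still on the AD domain.
    AdUser("office.dept", "office.dept@corp.example", "corp.example"),
]

# Users as the firewall learned them from the AD sync: always user@domain.
FIREWALL_USERS = {
    "j.doe@corp.example",
    "k.novak@corp.example",
    "office.dept@corp.example",
}

if __name__ == "__main__":
    for sam, (sent, ok) in diagnose(SAMPLE_USERS, FIREWALL_USERS).items():
        verdict = "OK" if ok else "no match on firewall"
        print(f"{sam:12} sends {sent!r:30} -> {verdict}")
```

Running it prints one line per account; the account on the alternative UPN suffix is the only one reported as sending a bare sAMAccountName that the firewall's user@domain list does not contain, which is the mismatch the thread describes.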
