User losing authentication

Dear,

Some Windows 10 machines started to lose internet connection. I'm using STAS with Active Directory authentication. When the user logs in to Windows again, the connection returns. Can anybody help me?


  • Hello guys! Below is the STAS log. The user that does not work is paraujo, connection IP 10.10.0.245. The IP of the firewall is 10.10.0.220. Our domain is emh.br.

    DEBUG [0x144c] 24/08/2022 07:03:56 : dca_eventlog: got Kerberos authentication event

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: UserName: paraujo

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: DomainName: EMH_BH

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: IPv6 WorkstationIP: :

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: IPv4 WorkstationIP: 10.10.0.245

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: Event ID: 4768

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: EventType: AuditSuccess

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: CreateTime: 1661335435

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: ExpireTime: 1661336040

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: LogonType: 2

    DEBUG [0x144c] 24/08/2022 07:03:56 : threadpool_run: Submitting Function 0x40a830

    DEBUG [0x144c] 24/08/2022 07:03:56 : threadpool_run: adding function at tail

    DEBUG [0x144c] 24/08/2022 07:03:56 : list_add_tail: first element added

    DEBUG [0x144c] 24/08/2022 07:03:56 : threadpool_run: get free thread: ThreadID: 0x1450

    DEBUG [0x144c] 24/08/2022 07:03:56 : dca_enqueue_userinfo: callback submitted

    DEBUG [0x144c] 24/08/2022 07:03:56 : dca_eventlog: userinfo enqueued to dca processor

    DEBUG [0x144c] 24/08/2022 07:03:56 : dca_eventlog: got Kerberos authentication event

    DEBUG [0x1450] 24/08/2022 07:03:56 : threadpool_threadproc: New Function added

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: UserName: paraujo

    DEBUG [0x1450] 24/08/2022 07:03:56 : list_remove_head: last element removed

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: DomainName: EMH.BR

    DEBUG [0x1450] 24/08/2022 07:03:56 : threadpool_get_threadproc: Function 0x40a830

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: IPv6 WorkstationIP: :

    DEBUG [0x1450] 24/08/2022 07:03:56 : threadpool_threadproc: Executing Function 0x40a830

    MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: IPv4 WorkstationIP: 10.10.0.245

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: Event ID: 4768

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_log_userinfo: User: paraujo

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: EventType: AuditSuccess

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_log_userinfo: Domain: emh.br

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: CreateTime: 1661335435

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_log_userinfo: WrkstIP: 10.10.0.245

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: ExpireTime: 1661336040

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_log_userinfo: CreateTime: 1661335435

    DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: LogonType: 2

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_log_userinfo: ExpireTime: 1661336040

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_log_userinfo: LogonType: 2

    DEBUG [0x144c] 24/08/2022 07:03:56 : threadpool_run: Submitting Function 0x40a830

    DEBUG [0x1450] 24/08/2022 07:03:56 : Adding user info to db and Sophos

    DEBUG [0x144c] 24/08/2022 07:03:56 : threadpool_run: adding function at tail

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_filter_by_username: comparing username for exclusion: User from UTM 'paraujo' (7) : User in the list 'SophosUpdateMgr' (15)

    DEBUG [0x144c] 24/08/2022 07:03:56 : list_add_tail: first element added

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_filter_by_username: comparing username for exclusion: User from UTM 'paraujo' (7) : User in the list 'svcsophos' (9)

    DEBUG [0x144c] 24/08/2022 07:03:56 : threadpool_run: get free thread: ThreadID: 0x1454

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_filter_by_username: comparing username for exclusion: User from UTM 'paraujo' (7) : User in the list 'treinamento' (11)

    DEBUG [0x144c] 24/08/2022 07:03:56 : dca_enqueue_userinfo: callback submitted

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_filter_by_username

    DEBUG [0x144c] 24/08/2022 07:03:56 : dca_eventlog: userinfo enqueued to dca processor

    DEBUG [0x1450] 24/08/2022 07:03:56 : userdb_handle_duplicate_userinfo: select query: SELECT * FROM UserInfo WHERE wrkst_ip=='10.10.0.245';

    DEBUG [0x1454] 24/08/2022 07:03:56 : threadpool_threadproc: New Function added

    DEBUG [0x1454] 24/08/2022 07:03:56 : list_remove_head: last element removed

    DEBUG [0x1454] 24/08/2022 07:03:56 : threadpool_get_threadproc: Function 0x40a830

    DEBUG [0x1454] 24/08/2022 07:03:56 : threadpool_threadproc: Executing Function 0x40a830

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_log_userinfo: User: paraujo

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_log_userinfo: Domain: emh.br

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_log_userinfo: WrkstIP: 10.10.0.245

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_log_userinfo: CreateTime: 1661335435

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_log_userinfo: ExpireTime: 1661336040

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_log_userinfo: LogonType: 2

    DEBUG [0x1454] 24/08/2022 07:03:56 : Adding user info to db and Sophos

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_filter_by_username: comparing username for exclusion: User from UTM 'paraujo' (7) : User in the list 'SophosUpdateMgr' (15)

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_filter_by_username: comparing username for exclusion: User from UTM 'paraujo' (7) : User in the list 'svcsophos' (9)

    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_filter_by_username: comparing username for exclusion: User from UTM 'paraujo' (7) : User in the list 'treinamento' (11)

    DEBUG [0x1450] 24/08/2022 07:03:56 : userdb_insert_userinfo: no matching userinfo found
    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_filter_by_username

    DEBUG [0x1450] 24/08/2022 07:03:56 : userdb_insert_userinfo: UserInfo Successfully Inserted

    DEBUG [0x1450] 24/08/2022 07:03:56 : list_add_tail: first element added

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_insert_userinfo_db: userinfo enqueued in XG Update Queue

    DEBUG [0x1454] 24/08/2022 07:03:56 : userdb_handle_duplicate_userinfo: select query: SELECT * FROM UserInfo WHERE wrkst_ip=='10.10.0.245';

    DEBUG [0x1450] 24/08/2022 07:03:56 : dca_add_userinfo_dcaclient: DCA Client IO succeded

    DEBUG [0x1450] 24/08/2022 07:03:56 : threadpool_finishnotify: Thread ID: 0x1450

    ERROR [0x1434] 24/08/2022 07:03:56 : USERINFO WAITING INFINITE
    DEBUG [0x1450] 24/08/2022 07:03:56 : threadpool_finishnotify: Reset Event

    DEBUG [0x1434] 24/08/2022 07:03:56 : list_remove_head: last element removed

    MSG [0x1434] 24/08/2022 07:03:56 : SSOclient_thread: got userinfo: USER: emh.br\paraujo <-> Flags: 5

    DEBUG [0x1434] 24/08/2022 07:03:56 : SSOclient_filter_CR_subnet: Entering filter function

    DEBUG [0x1434] 24/08/2022 07:03:56 : SSOclient_filter_CR_subnet: authnet not specified, send request to XG

    ERROR [0x1434] 24/08/2022 07:03:56 : SSOclient_update_CR: domain name is there with length 6 , emh.br

    ERROR [0x1434] 24/08/2022 07:03:56 : USERNAME paraujo Length 8

    ERROR [0x1434] 24/08/2022 07:03:56 : WORKSTN IP 10.10.0.245 Length 12

    ERROR [0x1434] 24/08/2022 07:03:56 : DOMAIN emh.br Length 7

    DEBUG [0x1454] 24/08/2022 07:03:56 : userdb_handle_duplicate_userinfo: User 'emh.br\paraujo' found on '10.10.0.245'

    DEBUG [0x1454] 24/08/2022 07:03:56 : userdb_handle_duplicate_userinfo: userinfo matched

    ERROR [0x1434] 24/08/2022 07:03:56 : SSOclient : PACKET SIZE 213 ㄲ3
    DEBUG [0x1454] 24/08/2022 07:03:56 : userdb_insert_userinfo: matching userinfo found
    DEBUG [0x1454] 24/08/2022 07:03:56 : dca_add_userinfo_dcaclient: DCA Client IO succeded

  • In this scenario, is the username: paraujo and the client IP: 10.10.0.245 correct? Who is facing the auto logout issue?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • The paraujo user is the one who has the problem of auto disconnection.
  • How frequently does it happen, and how many ADs manage the users?
    Can you check that under the STAS there aren't any duplicate entries with the same IP and username?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
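
Added example (not part of the original thread and not Sophos tooling): a parser for the STAS debug-log format posted above that rebuilds one record per logon event from the `init_userinfo_kerberos` / `init_userinfo_common` lines and groups them by user and workstation IP, which is one way to run the duplicate-entry check asked about here. The function names `parse_events` and `summarize` are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the STAS log in this thread (two logon events).
SAMPLE = """\
MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: UserName: paraujo
MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: DomainName: EMH_BH
MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: IPv4 WorkstationIP: 10.10.0.245
DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: CreateTime: 1661335435
DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: ExpireTime: 1661336040
DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: LogonType: 2
MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: UserName: paraujo
DEBUG [0x1450] 24/08/2022 07:03:56 : list_remove_head: last element removed
MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: DomainName: EMH.BR
MSG [0x144c] 24/08/2022 07:03:56 : init_userinfo_kerberos: IPv4 WorkstationIP: 10.10.0.245
DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: CreateTime: 1661335435
DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: ExpireTime: 1661336040
DEBUG [0x144c] 24/08/2022 07:03:56 : init_userinfo_common: LogonType: 2
"""

LINE = re.compile(r"^\s*(?:MSG|DEBUG|ERROR) \[(0x[0-9a-fA-F]+)\] \S+ \S+ : "
                  r"init_userinfo_(?:kerberos|common): ([^:]+): (.*)$")

def parse_events(text):
    """Return one dict per logon event; a record closes at its LogonType line."""
    open_recs, events = defaultdict(dict), []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines from other functions and threads are interleaved
        tid, key, value = m.group(1), m.group(2).strip(), m.group(3).strip()
        open_recs[tid][key] = value  # fields are collected per logging thread
        if key == "LogonType":
            events.append(open_recs.pop(tid))
    return events

def summarize(events):
    """Group by (user, IPv4): event count, domain spellings, ExpireTime - CreateTime."""
    out = defaultdict(lambda: {"count": 0, "domains": set(), "lifetimes": set()})
    for e in events:
        s = out[(e["UserName"].lower(), e["IPv4 WorkstationIP"])]
        s["count"] += 1
        s["domains"].add(e["DomainName"])  # as logged, e.g. EMH_BH and EMH.BR
        s["lifetimes"].add(int(e["ExpireTime"]) - int(e["CreateTime"]))
    return dict(out)

if __name__ == "__main__":
    for (user, ip), s in summarize(parse_events(SAMPLE)).items():
        print(user, ip, s["count"], sorted(s["domains"]), sorted(s["lifetimes"]))
```

On the sample, the same user and IP appear in two events logged with two different `DomainName` values, and both carry the same difference between the logged `ExpireTime` and `CreateTime`.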

  • It's been happening every day. It happened only to users who are running Windows 10 in the latest version. There is no duplicate user.

  • Hi Bruno Silva2 

    Please follow the link below to troubleshoot the issue with STAS:

    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/125318/sophos-firewall-best-practice-for-stas#mcetoc_1esth6tqs25

    I suspect issues related to your domain controller and with the user group settings on the end system.

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.
