Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 1406 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web authentication through captive portail fail after few minutes

GaelRAYNAUD

Hi all.

I'm currently facing a problem on an XGS2100 where AD authentication & SSO through Web auth are enabled and working. Just for a few minutes...

Next step on every single client (Windows, Android but not iOS) is lose of connectivity and need to reauthenticate by opening their browers again. Windows active probe kicks in by trying to execute the following command and fail :

Invoke-webrequest "">www.msftconnecttest.com/connecttest.txt"

Result is :

Invoke-webrequest : Remote server returned an error : (401) Unauthorized.

When checking on SFOS side, clients are still authenticated with an active connection.

I really don't see what's going on.

Help appreciated.

PS : Not using STAS in this environnement.



This thread was automatically locked due to age.
Parents
  • 0

    Hi  ,

    Good day and thank you for reaching out to Sophos Community and hope you are well. 

    May we check What SFOS version you are running? and how many users (at least an estimate) are authenticating through Captive Portal (AD SSO)?

    Also, try to log a ticket with Sophos support to have this further checked secure2.sophos.com/.../open-a-support-case.aspx, then enable debug mode on access_server service from advanced shell on CLI 5. Device Management > 3. Advance shell

    service access_server:debug -ds nosync

    run some connection test with users then tail -f /log/access_server.log 

    and turn off after debug after troubleshooting (run the same command again - service access_server:debug -ds nosync)

    Once you have the would be generated ticket number and results of testing, please share through DM or by replying to this thread. 

    Thanks for your time and patience and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • 0

    Hi  ,

    Good day and thank you for reaching out to Sophos Community and hope you are well. 

    May we check What SFOS version you are running? and how many users (at least an estimate) are authenticating through Captive Portal (AD SSO)?

    Also, try to log a ticket with Sophos support to have this further checked secure2.sophos.com/.../open-a-support-case.aspx, then enable debug mode on access_server service from advanced shell on CLI 5. Device Management > 3. Advance shell

    service access_server:debug -ds nosync

    run some connection test with users then tail -f /log/access_server.log 

    and turn off after debug after troubleshooting (run the same command again - service access_server:debug -ds nosync)

    Once you have the would be generated ticket number and results of testing, please share through DM or by replying to this thread. 

    Thanks for your time and patience and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
  • 0 in reply to Raphael Alganes

    Ok Tks for your reply.

    Ok, I'll try to open a ticket. We're using SFOS 19.5.0 but behaviour was the same with 1.9.0. There is on average 30 users simultaneously.

    Here are the results from the access server log as requested. I've monitored exactly at the time when the disconnection occurs.

    ampxgroup-my.sharepoint.com/.../EU2cLvBVN3VHgp0QKkuqo2kBw69tEsxATUmDctt_9e8tvg

    Edit : Ticket number is 06007040.

    Edit 2 : The problem seems like to occur only when accessing http websites not https. We've got an old Sharepoint that users mostly access via Webdav and after more or less 4 minutes of authentication, it fails. The Windows active probe also use an http website to check connectivity (see my first post).

  • 0 in reply to GaelRAYNAUD

    Hi  ,

    Apologies for the delayed response and thanks for your patience towards this concern. hope you are doing well and good alongside with your family.

    Thanks for providing these details. Upon checking the ticket - latest activities you have sent a log file to the engineer assigned and it is now being investigated. 

    In the meantime, kindly let us know should you need any further assistance from our end.

    Many thanks for your time and patience and Thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Raphael Alganes

    Hi  

    As you said, ticket is still under investigation. I will update this post as soon as the problem is solved.

    At the moment, I disabled AD authentication for all production networks because there were too many complaints from users. This is a huge problem to monitor traffic now. I hope a solution will be provided quickly.

    Thank you for your assistance.

Unfiltered HTML