User login through SSO client constant login and off in 16.05.1 MR-1

I use the Sophos Single Sign-On Client (SSO), the first one on the Client downloads page.

The thing happened in the morning, as I noticed the internet connection on my desktop was lost constantly. Then I checked the XG and found high CPU usage with little traffic. Using top I found a "worker" process constantly running at 100% (I suppose it's single-threaded), and "access_server", "login_user" and "logout_user" appear from time to time with high CPU usage. This brought me to the authentication log, where I found the logs below, which are apparently abnormal.

2017-02-13 14:33:59 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | N/A | User user@domain.local was logged out of firewall | 17703
2017-02-13 14:33:59 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | AD | User user@domain.local of group sys-admin logged in successfully to Firewall through AD authentication mechanism from 10.18.100.146 | 17701
2017-02-13 14:34:00 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | N/A | User user@domain.local was logged out of firewall | 17703
2017-02-13 14:34:00 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | AD | User user@domain.local of group sys-admin logged in successfully to Firewall through AD authentication mechanism from 10.18.100.146 | 17701

 

I manually stopped all of the SSO Clients and CPU instantly went back to normal (mostly idle).

So far I have tried rebooting everything around it and itself. I have also tried restoring a known good config backup from a month ago, and rolling back to 16.01.3 MR-2. None of them solved the problem.

=====edited======

unrelated

Found something strange: /log/syslog.log shows /bin/login is constantly restarted at a one-second interval

Feb 14 03:08:02 (none) daemon.info init: process '/bin/login' (pid 9706) exited. Scheduling for restart.
Feb 14 03:08:02 (none) daemon.info init: starting pid 9707, tty '/dev/ttyS0': '/bin/login'
Feb 14 03:08:03 (none) daemon.info init: process '/bin/login' (pid 9707) exited. Scheduling for restart.
Feb 14 03:08:03 (none) daemon.info init: starting pid 9708, tty '/dev/ttyS0': '/bin/login'
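
Added example, not part of the original post or any Sophos tooling: a small detector for the logout/login loop seen in the authentication log above, counting logout-then-login cycles per user and source IP inside a short time window. It assumes the log has been exported one record per line with `|` between fields in the order shown in the post; the sample records, the function names and the thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

LOGIN_ID, LOGOUT_ID = "17701", "17703"  # message IDs as they appear in the post's entries

# Constructed sample: the first four records mirror the post, the last three are invented.
SAMPLE = """\
2017-02-13 14:33:59|Firewall Authentication|SUCCESSFUL|user@domain.local|10.18.100.146|SSO|N/A|User user@domain.local was logged out of firewall|17703
2017-02-13 14:33:59|Firewall Authentication|SUCCESSFUL|user@domain.local|10.18.100.146|SSO|AD|User user@domain.local of group sys-admin logged in successfully to Firewall through AD authentication mechanism from 10.18.100.146|17701
2017-02-13 14:34:00|Firewall Authentication|SUCCESSFUL|user@domain.local|10.18.100.146|SSO|N/A|User user@domain.local was logged out of firewall|17703
2017-02-13 14:34:00|Firewall Authentication|SUCCESSFUL|user@domain.local|10.18.100.146|SSO|AD|User user@domain.local of group sys-admin logged in successfully to Firewall through AD authentication mechanism from 10.18.100.146|17701
2017-02-13 09:00:05|Firewall Authentication|SUCCESSFUL|other@domain.local|10.18.100.20|SSO|AD|User other@domain.local of group staff logged in successfully to Firewall through AD authentication mechanism from 10.18.100.20|17701
2017-02-13 12:30:00|Firewall Authentication|SUCCESSFUL|other@domain.local|10.18.100.20|SSO|N/A|User other@domain.local was logged out of firewall|17703
2017-02-13 13:15:00|Firewall Authentication|SUCCESSFUL|other@domain.local|10.18.100.20|SSO|AD|User other@domain.local of group staff logged in successfully to Firewall through AD authentication mechanism from 10.18.100.20|17701
"""

def parse(line):
    """Return (timestamp, user, src_ip, message_id) or None for lines we do not track."""
    f = [x.strip() for x in line.split("|")]
    if len(f) != 9 or f[8] not in (LOGIN_ID, LOGOUT_ID):
        return None
    return datetime.strptime(f[0], "%Y-%m-%d %H:%M:%S"), f[3], f[4], f[8]

def find_flapping(lines, window_s=10, min_cycles=2):
    """Return {(user, ip): cycles} where at least min_cycles logout->login
    cycles completed inside some window_s-second window."""
    last = {}                    # last message ID seen per (user, ip)
    cycles = defaultdict(deque)  # completion times of recent cycles per (user, ip)
    worst = {}                   # highest cycle count seen in any window
    # sorted() is stable, so records sharing a timestamp keep their log order
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e[0])
    for ts, user, ip, msg_id in events:
        key = (user, ip)
        if msg_id == LOGIN_ID and last.get(key) == LOGOUT_ID:
            q = cycles[key]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()      # drop cycles that fell out of the window
            worst[key] = max(worst.get(key, 0), len(q))
        last[key] = msg_id
    return {k: n for k, n in worst.items() if n >= min_cycles}

if __name__ == "__main__":
    for (user, ip), n in find_flapping(SAMPLE.splitlines()).items():
        print(f"{user} from {ip}: {n} logout/login cycles within 10 s")
```

A user who logs out and back in once, hours apart, stays below the threshold; only the tight loop from 10.18.100.146 is reported.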



  • Exact same issue here on an XG310. Initially occurred on 16.01, updated to 16.05, issue remained. Rolled back to 16.01 and restored a known working backup config, issue remained. Updated again to 16.05 because why not, it's broken anyway.

    I've had a ticket open since last Friday and they've only updated it once from the Philippines to ask what timezone I'm in. I've captured packets from the client, the firewall, and both domain controllers and all I can tell is the client receives something back but must not fully recognize it as a successful authorization. It does provide a momentary connection but since it keeps logging out/in connectivity comes and goes and that absolutely just won't fly.

    The Windows SSO client has been working perfectly fine for about 6 months, then out of the blue all the clients started this behaviour. I've disabled SSO for now since the "logout/login/logout/login/logout/login" loop was causing havoc.  We have all client and DC firewalls disabled.  Basically, nothing has changed as far as I can tell but just bam, all clients SSO stopped working at the same time with the same results as in this thread.

    Can we get some eyes on this or at least a followup response? We've spent the better part of a week trying to figure out if it was a client/DC or firewall issue.
